last executing test programs:

12m16.370139293s ago: executing program 2 (id=3):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x2d, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0xf1}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

12m16.277479807s ago: executing program 2 (id=6):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
unshare(0x24020400)
mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0) (fail_nth: 5)

12m15.880437587s ago: executing program 2 (id=7):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
readv(r0, &(0x7f0000001140)=[{&(0x7f0000000400)=""/152, 0x98}], 0x1)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000001c0), 0x109880)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x0, &(0x7f0000000240)=0x3)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000840), 0x0, 0x40)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioprio_set$uid(0x3, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000000c0)=0xff)
renameat2(0xffffffffffffffff, &(0x7f00000006c0)='./cgroup\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./mnt\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', &(0x7f00000049c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x0)
lchown(&(0x7f0000000340)='./file0\x00', r7, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000700)=ANY=[@ANYBLOB="6d706f6c3d62f40c8c73652c7063723d303030301e303030303034362c755dbf463d386d57ffed6125be080000001dff4bf803ac578f4cbf3cf75b09000006000000000000000000000000000000008db7eba0d39f4c8c059e8cadfb082a885082379c028e3952a485ddd468e8d263cad872c13a8d3a23dc533e6854252f0627512fe26378fa0d2148e8ae8ad0607126541d984cbee926bf1db20e4d2bf0973a328d6d4bbf0d05ee23cc56beac1579ad3ec9945981b6372b0c9cfc1558ff0ddc44adbf0747f8353f7a036511c671a038f7025f035efa7b74349f4a445971511246f315305b522b0a8fff8ebc0933f10de2b4033c0eca6456f72131665d374f949f69c2a73045078cabbd37f026ead24a6b797dc2083fb82132f67fb96476eb9d28e3d853", @ANYRESDEC=r7, @ANYBLOB="2c61707072616973655f747970653d696d617369672c7375626a5f757365723dc7f0b172250ca55881e7a63f6d5b1b87ad3420b0cf2a85ebd15b4f627eee01f6e5f29320f7fca9eeb6c7aea294a1452fe62e32da9e391e101525e8bafcd5aeac8736f10b7064d3d10caf1e2e5e02475a4d0b30d7a59d06d9610f09df47e35e93273b5aa98b15063ddc492dc84f1620a7c66cf13dea1a1e3ecae54960497c77fa6e4f2c00"])
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x420, &(0x7f00000000c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]})

12m15.007476511s ago: executing program 2 (id=8):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000ff070000000000000000000000ecd5ebb33a995b998abf36fce2b3f67a41552a35824852cd64110fc872e5d59218f7de4f9cad6698bceecfd346c5ffb1e99a22a20fed7ac487b21dc93d744d0821313247b2655af6c40018efc408000000000000001a9650d0e3016044371132bc97e4ef1d85e9064f03ea8c1dea4b"], 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001b40), 0x20341, 0x0)
ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000040))
ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000000)={0xfffffffa, 0x407, 0x8, 0x8010041, 0x80, "0baa301fa951e8a4603c811200", 0x81ed, 0xfffffff5})
r3 = ioctl$TIOCGPTPEER(r2, 0x5441, 0x12)
r4 = dup(r3)
socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0))
read$FUSE(r4, &(0x7f0000003bc0)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0xf1}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x15, '\x00', 0x0, @sk_reuseport, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

12m14.76199037s ago: executing program 32 (id=8):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000ff070000000000000000000000ecd5ebb33a995b998abf36fce2b3f67a41552a35824852cd64110fc872e5d59218f7de4f9cad6698bceecfd346c5ffb1e99a22a20fed7ac487b21dc93d744d0821313247b2655af6c40018efc408000000000000001a9650d0e3016044371132bc97e4ef1d85e9064f03ea8c1dea4b"], 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001b40), 0x20341, 0x0)
ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f0000000040))
ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000000)={0xfffffffa, 0x407, 0x8, 0x8010041, 0x80, "0baa301fa951e8a4603c811200", 0x81ed, 0xfffffff5})
r3 = ioctl$TIOCGPTPEER(r2, 0x5441, 0x12)
r4 = dup(r3)
socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0))
read$FUSE(r4, &(0x7f0000003bc0)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0xf1}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x15, '\x00', 0x0, @sk_reuseport, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

15.489648799s ago: executing program 4 (id=2655):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e000000ffffffff010068000400000001210000e99ee7efeb06563aa275f71e268dc915cd5515a1fc47b43ad07555445d331f5183d310c18d645333db01ab45e632deca674d015b73d7d7261bcc8c2b04cf8a051ebdc5c8f005ba850c10614dd784cffd3bbbc99478e86b7f0100d89f3e2611d6bef30fa922fa98602d4e1ac1dda87ddf1cb783c365d360f257ca654c95a3330a297394ab9c5c0a02bf8b7b02a98191d638791327", @ANYRES32, @ANYBLOB="ff0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200000005000000040000000500"/28], 0x50)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
r5 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[], 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x408c0}, 0x4000004)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r7, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYRES64=r3, @ANYRESDEC=r5, @ANYRES64=r6], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r6)
restart_syscall()
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r9, 0x401c5820, &(0x7f0000000080)={0x8})
chdir(&(0x7f00000003c0)='./bus\x00')

8.49927847s ago: executing program 0 (id=2687):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xfff, 0x80000100008b}, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
listen(r0, 0x1ff)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r1, &(0x7f0000000400)="c5644cbfdcd80861d586eb4a7fb282957dcf6ca3a124afa87df33078586c88919f", 0x21, 0x5c19c4488a9dd80d, &(0x7f0000000280)={0x2, 0x4e22, @local}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47bc, 0xb0f8, 0x8, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x106, 0x0, &(0x7f00000003c0)=""/262, 0xffffbffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$inet(0x2, 0x5, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)

6.344512812s ago: executing program 5 (id=2688):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
io_uring_setup(0x1ddd, &(0x7f0000000440)={0x0, 0x40000000, 0x0, 0xfffffffd, 0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x3, 0xdde6f5e34f1fb078, 0x1, 0x2000, &(0x7f00008da000/0x2000)=nil})
eventfd2(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000ffa000/0x3000)=nil, &(0x7f000049a000/0x2000)=nil, 0x4, &(0x7f00000004c0)=[{0x2, 0x8}], 0x1, 0xbfb, 0x0, 0x28, 0x2e, 0x1})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r5=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)

6.163243379s ago: executing program 3 (id=2690):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331d", 0x2f}], 0x1}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x18, 0x29, 0x4, {0x4}}}, @hopopts={{0xf8, 0x29, 0x36, {0x5e, 0x1b, '\x00', [@pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1, 0x1]}}, @generic={0x8, 0x71, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58"}, @calipso={0x7, 0x10, {0x3, 0x2, 0x3, 0x7, [0xffffffffffffff04]}}, @generic={0x1, 0x8, "2bdb86d1ce6a20c2"}]}}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x73}}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x1a8}}], 0x1, 0x810)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r4 = accept4(r3, 0x0, 0x0, 0x800)
pwritev(0xffffffffffffffff, &(0x7f0000000d80)=[{&(0x7f0000000780)="42ebe7f5d8dde5f3e9c5c7e7bc09d8d80f373ae4dc85e6cb597bd322663b986ff272399bec41d811a763bcd2cdc221d2ac6cdeeca815ce250ce959444e7f296cb11433530cfccd0c", 0x48}, {&(0x7f0000000880)="3ed8269a24bf45844c983ea0eeeb58f212eeac22d35800c1a94b360b7b20a38c4009daad6421963cbcd5621f4aa4892eb9937191078bfbceee60ee759765c992659367fc8bd35cf5d87272d4c4bbccb6fe258a2bc4cf778776b91c3e1da4690fe0506ba67577475dac7b5a6647454b002cdccb192445a0e2b4f79b91acb8cfb6bbbb83081c02ec544d20af0b521d102bedc65eeda06df41d160c2197a51325f28b8a789a6fa17d6eaa40f1e40dab9f427d", 0xb1}, {&(0x7f0000000540)="b4e007f06d056aa0367c7356f83c", 0xe}, {&(0x7f0000000980)="3d0296eb70593b74da27ad0ef43cdfacca013f61136666b092f154b82202e7f3b41215fbe3e3381a66b6abde7af0a9f608998408bae2f97394d17cd4fad43a83137abc47e294c03e1c127933e4a232eb62112ca14d3b2323af2120ec24e17f1fc1758194dc4f9774968f41354ff3b7d7f445a29938c18743b5d93c123c4a67c469d256d9f076c29593f9648b5a1bd4195a3d7059007458b7dcc193efed2bfc25fe4cf69d8cc14a45105d48307cb7b27e4938d9d0d3c60b47bf599136cac2f29f890845", 0xc3}, {&(0x7f0000000580)="1ab9a1fec95331b4b1bb5f840b0a198cb5add980a1e5cd402aaabeb7a27d1418376394238ae0a1ca9cc4187957fdca8dfa1151a311e577e1461a2426", 0x3c}, {&(0x7f0000000700)="741f5b18fef5626f948b1919860417488e3e5141e17a3031271340b8ac67e4f5f7a2", 0x22}, {&(0x7f0000000a80)}, {&(0x7f0000000d00)="7cedc13b1cbf2308b2000d3d62b333c7c3b9f321ef7bd8e0e1e323da70d8d595f505397d1fda268139275cca00007c8f8cff1d2a3a", 0x35}, {&(0x7f0000000ac0)="50591ee1c54cb070964417fd1f4ffe5a57c4ff8a3c5c5ce1d3957dfc44e8e17c719084f4e8da23c0e4667eeda56ce5d4d14d904f", 0x34}], 0x9, 0x4d9e, 0x8)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

5.986510754s ago: executing program 1 (id=2691):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
read$msr(0xffffffffffffffff, &(0x7f0000003040)=""/102399, 0x18fff)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0x2000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x2}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x1802, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0))
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

5.983006921s ago: executing program 0 (id=2692):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0xce, &(0x7f0000000000)={0x0, 0x0, 0x100, 0x0, 0x335}, &(0x7f0000000080), &(0x7f00000001c0))
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x40000, 0x5)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x0)
close(0x3)
open_by_handle_at(r2, &(0x7f0000000000)=@ceph_nfs_confh={0x10, 0x2, {0x10, 0x9}}, 0x0)
pread64(r1, &(0x7f0000000040)=""/152, 0x98, 0x7)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600000000000000"], 0x3c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x403, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x7, 0x2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)

5.908823727s ago: executing program 5 (id=2693):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8809}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @fccp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x20024810}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x40100, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x5)
ioctl$KVM_CAP_HYPERV_SYNIC(r6, 0x4068aea3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@can_newroute={0x34, 0x18, 0x1, 0x70bd27, 0x25dfdbfb, {0x1d, 0x1, 0x4}, [@CGW_CS_XOR={0x8, 0x5, {0x5, 0xfffffffffffffffe, 0xf5, 0x4}}, @CGW_MOD_XOR={0x15, 0x3, {{{0x3, 0x1}, 0x4, 0x3, 0x0, 0x0, "13f90700"}, 0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x805936d41ec618b7}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x8c200, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000005c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f200011800e000100636f6e6e6c696d69740000000c0002800800014000000000400000000c0a01020000000000000000010000000900020073797a3200000000140003"], 0xe4}}, 0x0)

5.259460664s ago: executing program 3 (id=2694):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e24, 0x3, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
syz_emit_ethernet(0x3a, &(0x7f00000003c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x2, 0x2c, 0x0, 0xe000, 0x0, 0x5, 0x0, @dev={0xac, 0x14, 0x14, 0xff}, @remote, {[@generic={0x94, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
r2 = dup(r0)
pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r3, 0x5761, &(0x7f0000000f40)=ANY=[@ANYBLOB="0100000000000000008000000700000014f7ffff0900000009000000af010000a2b9000001000000100000000800000002000000"])
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_open_dev$evdev(0x0, 0x1, 0x8c2b01)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8010)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r6, &(0x7f0000009b80)=""/102392, 0x18ff8)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
io_submit(0x0, 0x0, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, 0x0, 0x0)
sendmsg$DEVLINK_CMD_PORT_SET(r5, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x4008001)
ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
read$dsp(r7, &(0x7f00000001c0)=""/95, 0x5f)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff038}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10)

4.588251781s ago: executing program 3 (id=2695):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
unshare(0x1a010000)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = io_uring_setup(0x1ddd, &(0x7f0000000440)={0x0, 0x40000000, 0x0, 0xfffffffd, 0x8})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000740)={&(0x7f0000001000)}, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r4, 0x17, &(0x7f0000000300)={0x0}, 0x1)
eventfd2(0x0, 0x0)
getcwd(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000ffa000/0x3000)=nil, &(0x7f000049a000/0x2000)=nil, 0x4, &(0x7f00000004c0)=[{0x2, 0x8}], 0x1, 0xbfb, 0x0, 0x28, 0x2e, 0x1})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c10f14d2fc7735809c47e32e93c100600000000000000470d491bb505de5fcbbfec8afbfe35271e9444a73c19e312", @ANYRES16=r1, @ANYRES8=r4, @ANYRES32=r5, @ANYBLOB="05003400a9000000080026006c0900001e001f0002000600040000000000000000c00009000000010009200000030000"], 0x4c}, 0x1, 0x0, 0x0, 0x4890}, 0x4010)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00'})

3.756809148s ago: executing program 4 (id=2696):
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x208}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000480), 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000028060001001a"], 0x1c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3)
sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f00000005c0)={&(0x7f0000000100), 0xc, &(0x7f0000000580)={0x0, 0x418}, 0x1, 0x0, 0x0, 0x20008814}, 0x20000003)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000600)=@ethtool_stats={0x1d, 0x8, [0x6, 0x7, 0x88, 0x2, 0x80000001, 0x4, 0xc5, 0x7]}})
ioctl(r1, 0x8b1a, &(0x7f0000000040))

3.750559324s ago: executing program 3 (id=2697):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$sock_cred(r0, 0x1, 0x2f, &(0x7f0000000280)={0xffffffffffffffff}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
socket$pptp(0x18, 0x1, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x17, 0x3, "d67a8527f76ec1d39e537c4c3060c6a405106c"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)

3.664784586s ago: executing program 5 (id=2698):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x924, 0xc, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x910, 0x3, 0x0, 0x1, [{0x194, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_ELEM_EXPR={0x40, 0x7, 0x0, 0x1, @flow_offload={{0x11}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, @NFTA_SET_ELEM_USERDATA={0x5, 0x6, 0x1, 0x0, '\b'}, @NFTA_SET_ELEM_DATA={0x12c, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8d, 0x1, "ee403dcde61f5c9efb7a86d8ecd712e20b9fb5aab6af6b239410f60bbe8fc3c520c9f9247ac46959659fcda56ccab072c0a34ec598cc430c969cf30cc1a224c2ce043b10a07dcb040aeae0ceda07ac7303668113a1e49c6324845a70c40bffb5e1c667fdaa09b517090c95e5847b8446b4aace7c9f3dd2fed736f9af501aebd00e714f2b46a4faff3e"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x29, 0x1, "3bc2a9323c4ca251fe3011cdb0bca7a2a4fbb4305a9d335d04d43a6d1268a56f8bf43de783"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x4}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x42c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x41c, 0xb, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}, {0x40, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_OSF_TTL={0x5, 0x2, 0x2}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_TTL={0x5, 0x2, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @nat={{0x8}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x374, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x360, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x210, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xbd, 0x1, "432a3a1a95b00a5a4d8da960af78bc5736f9749782495feb2403567d8a3f54b251e9187fe4a27dfe5b9abf5817c72e0bb72c2ded968cf7d4282dc7780ecb851f95e9fa112b38e0eb8088b7809b39f7d69eefadf04a919f133e2e55e982fa6464541bc4d8e358a9438746a16e4ebb749fac343a19bdd41b1dcdad5fb133fa460ae44152bb4cc5ec7b5fd0a0bb757d1603306b723ac8ba0448f65a32d6e92ddf79dcce29e4757aea5be97acf8ad6354d822926f095005c4024fe"}, @NFTA_DATA_VALUE={0xc9, 0x1, "e47f2bc3f82560ae1765a0f2186c2e8e5ec6c9ce5ced33620fc3e159298d1ab1b2ae20d8c58eb182dd53bca89e757b35cde2c91f21c897c0d1734eee833a557dba9e362d48792fd9741fc71840af29ae7e2a935681bf8fb048d9a017dbfccdc608c99550dbc95079539fd94f0c14457b05e44770cb91463a1d6274d041439c16587bde68f097c8c94377792bf88adc7c41c6388df6c55c927d1edd8d8bbb094c607c0d7ba22e3114935f7ffa256991b9fc5ced94e368c20e27e72aeee33eedbfd25909be64"}, @NFTA_DATA_VALUE={0x2d, 0x1, "f49ab7b01c9443e96f658138285125280127ab0333c7d9351e25eb769f824f6036046a9bb2281054ab"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DATA={0x30, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x9, 0x1, "d65e315ab8"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_IMMEDIATE_DATA={0x10c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0xe1, 0x1, "0ac83e3d0477618259f1a4fdeb8d1d3997b6fc8564be440ae6746d7985e5c16ac2a68306aa6df877ff87f654f0ceed156feea203663dcfb17d3dfb9b9d6124a8dadca89d60a3dad2b7872568b68b8addb0a549b8ffce000744d42d8ee746509c9dc54fc04a0961cb27cfd719b2e360d9f8ee2732923e8777de9485f0457a7a488cd61f7a53b8844e2877553be7c783a5909c84dea20474349959c15c6376b0738070a9d94f745905898a92066e48acf4b6535a7bcd9b43b0857bf8b4aa97125e254d8efe519a9eb3060a42f0f141d42b932c52b5a0cb5dc386a6b2ce16"}]}]}}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x4}, {0x1a8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x198, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VALUE={0x85, 0x1, "d6053c714ebcd7ac9b44dbc45e180ef67384efa6e1fdcf1fa68a306d38290cc8f0b3350fac0adb910e1db985811352ff05125adc4253a5ee0425eaed8f2d342d523ecf15c5d089870b5702c36e0aac992501d0e9d7c64b4b8ccfceab4ec7bb29b9c9d379f79065438a47feb698a74ca012527c9ac9430089105ac35ab0afe75339"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x61, 0x1, "a015764d238a328b240be009b96b21cf57a5015493a2173595caa9e8dbd3b8ed2a31e63313f408ea3c15092ddd95daddf94ece86e03eda28a23f2f2d378800699f48f3255feca10186b2924cc760fd4227b7dff783f72d48237e5cee1c"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x4}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x3}]}, {0x170, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x110, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x85, 0x1, "12d41270fd8799f09842b386fcbfdeee1b9d5a144689d13459c4170a4c94cfebfa65074cbd32b41816da841467357970d13cdd4e4578b73175f6cc9fbf05eec1640a6199f05cfbfb1c52b04c2722fde0f572a7495b18ff19a7fc0e2d183ba74958ca5d9ae16e446a42f93100abbf9194de082a01376711b191d25ea444cdb1a689"}]}, @NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY_END={0x48, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @dup={{0x8}, @void}}]}, {0x2c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x8, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_SET_ELEM_EXPR={0x20, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, {0x4}]}]}, @NFT_MSG_DELOBJ={0x104, 0x14, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_USERDATA={0x71, 0x8, "746da3f6b99570512aac2793779706979e85b91c52cdc855f10f6f740fb5bbe11f971cf6253331cb7590269043cdba171cafb29d6a9f9fd176c03de4cb9cc5decf234224d8ad070b50c34d2370c5e941673b760018013f58aa7e2be272a07045a29c2dc660f603a516daac6ad3"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_USERDATA={0x49, 0x8, "265bb41be9c4efad856db0f5f447b705328a8b77f28eae678cb3d0693e19c3968194175c627b46b1720fe1f806ade798a57f6197a58c0d67d6f1011a790f5a433faf9c7c79"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x39}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}, @NFTA_SET_POLICY={0x8}]}, @NFT_MSG_DELFLOWTABLE={0x28, 0x18, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x0, 0x0, 0x0, {0x2, 0x0, 0x7}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xabc}}, 0x4000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.597248187s ago: executing program 1 (id=2699):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0xa38, 0xc, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xa24, 0x3, 0x0, 0x1, [{0x1c0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_ELEM_EXPR={0x40, 0x7, 0x0, 0x1, @flow_offload={{0x11}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, @NFTA_SET_ELEM_USERDATA={0x5, 0x6, 0x1, 0x0, '\b'}, @NFTA_SET_ELEM_DATA={0x158, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8d, 0x1, "ee403dcde61f5c9efb7a86d8ecd712e20b9fb5aab6af6b239410f60bbe8fc3c520c9f9247ac46959659fcda56ccab072c0a34ec598cc430c969cf30cc1a224c2ce043b10a07dcb040aeae0ceda07ac7303668113a1e49c6324845a70c40bffb5e1c667fdaa09b517090c95e5847b8446b4aace7c9f3dd2fed736f9af501aebd00e714f2b46a4faff3e"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x29, 0x1, "3bc2a9323c4ca251fe3011cdb0bca7a2a4fbb4305a9d335d04d43a6d1268a56f8bf43de783"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x320, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x310, 0xb, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}, {0x40, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_OSF_TTL={0x5, 0x2, 0x2}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_TTL={0x5, 0x2, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @nat={{0x8}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x268, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x254, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x204, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xbd, 0x1, "432a3a1a95b00a5a4d8da960af78bc5736f9749782495feb2403567d8a3f54b251e9187fe4a27dfe5b9abf5817c72e0bb72c2ded968cf7d4282dc7780ecb851f95e9fa112b38e0eb8088b7809b39f7d69eefadf04a919f133e2e55e982fa6464541bc4d8e358a9438746a16e4ebb749fac343a19bdd41b1dcdad5fb133fa460ae44152bb4cc5ec7b5fd0a0bb757d1603306b723ac8ba0448f65a32d6e92ddf79dcce29e4757aea5be97acf8ad6354d822926f095005c4024fe"}, @NFTA_DATA_VALUE={0xc9, 0x1, "e47f2bc3f82560ae1765a0f2186c2e8e5ec6c9ce5ced33620fc3e159298d1ab1b2ae20d8c58eb182dd53bca89e757b35cde2c91f21c897c0d1734eee833a557dba9e362d48792fd9741fc71840af29ae7e2a935681bf8fb048d9a017dbfccdc608c99550dbc95079539fd94f0c14457b05e44770cb91463a1d6274d041439c16587bde68f097c8c94377792bf88adc7c41c6388df6c55c927d1edd8d8bbb094c607c0d7ba22e3114935f7ffa256991b9fc5ced94e368c20e27e72aeee33eedbfd25909be64"}, @NFTA_DATA_VALUE={0x2d, 0x1, "f49ab7b01c9443e96f658138285125280127ab0333c7d9351e25eb769f824f6036046a9bb2281054ab"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DATA={0x2c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x6, 0x1, "d65e"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x440, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_DATA={0xb0, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xa9, 0x1, "bd938479c054c28211b25719918121a43a0acb802a18aacc6d4e64e1bc12e7c310cae0c328525740febfbf0324de92e8c7a3c1c6735667778d1dba12658f9be62cdfe37f96e90b33c1f730de4386686864a6ac0457df3229549acb1eea5cabcbb24ab8ca5cf4d8b79551f66d37c78ba88ead09dbbbd5e533ae339f268802ed89dfe3aed2ca614dfa06296ecc9f708efdcb7e87805e83469c41b28749d305c7a0ee79552d85"}]}, @NFTA_SET_ELEM_KEY_END={0x244, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VALUE={0xa6, 0x1, "76e904bd7e1a23b51fcbae4609d95c66447d252c30e761caf2b5d51304703c769fb2eb27adf3d5b2c7cd02d43f3c2c3ce85811d9d73825f82deda04d4f4fd5ee3b4d9c33c7bfe84773a3aa459c190c5d478942e2b8f5cb2726434de2d9a24c11f911df716531ff2794e7808ef3416c812a571561f407040422e6689fb086725a9942a136f8ae194de031aa40910aafffb0385c32480914f27f79c274179d6369fb10"}, @NFTA_DATA_VALUE={0x39, 0x1, "3fc1c6113515c21ad842ba5957de908644315ed1d0d29b49495b3c1edfc847909d0ee57dd30973b0386a0ffd4a1eeb27c1a54401cb"}, @NFTA_DATA_VERDICT={0x58, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x4}, @NFTA_DATA_VALUE={0x79, 0x1, "481d9de8da3a69cc423cf29173daabd2b6622bb0261d9667091e7e24b324400db1d06cfdde229d768f2d6b171ea91847f07bb54468005286df33dd9e5044156912ea34a1b6c9fd1c2f1792f0edf0f4d02a5fff9dfed5639e3ff36aa6bdb729466f5919c775c61564ad31dd3e5b02d9201dd48a71f4"}, @NFTA_DATA_VALUE={0x49, 0x1, "8d5040f31cf271b59b7ded19801fee95f993d008c776a3347629a4edcdf4dc7a1a6d3f58701cd10fc8e09a6b6cf1ac94a10e0e1cfd40be3cf538fa02d6b59003b2c5173095"}, @NFTA_DATA_VALUE={0x4}]}, @NFTA_SET_ELEM_KEY={0x140, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x95, 0x1, "b50a5d8b3a10c08722302f7e515a076e36a3e56d59f246c88b534f2fcc076630f46f235f284b8cb2586619765e83c5fd023e5978192dc14d9c16da81f041d4639cd657537eddac3caf506a1418ed4a62776e0239e84076afee053776fb4e915b57a978f70af7eedec038e780b6a90d04f92e0be64fc756e37a6f6e6e2b519bbb4cc28268d1a28ddad22467096faa1ce271"}, @NFTA_DATA_VERDICT={0x5c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}]}, {0x60, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x5c, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}]}]}, {0x60, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY_END={0x48, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @dup={{0x8}, @void}}]}, {0x3c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x1c, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x15, 0x1, "f979f13d46b3ef834769346246251c30f3"}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}, @NFTA_SET_ELEM_EXPR={0x18, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, {0x4}]}]}, @NFT_MSG_DELOBJ={0x8c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_USERDATA={0x45, 0x8, "265bb41be9c4efad856db0f5f447b705328a8b77f28eae678cb3d0693e19c3968194175c627b46b1720fe1f806ade798a57f6197a58c0d67d6f1011a790f5a433f"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x39}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}, @NFTA_SET_POLICY={0x8}]}, @NFT_MSG_DELFLOWTABLE={0x18, 0x18, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xb34}}, 0x4000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.393663868s ago: executing program 1 (id=2700):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x944, 0xc, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x930, 0x3, 0x0, 0x1, [{0x1c0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_ELEM_EXPR={0x40, 0x7, 0x0, 0x1, @flow_offload={{0x11}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, @NFTA_SET_ELEM_USERDATA={0x5, 0x6, 0x1, 0x0, '\b'}, @NFTA_SET_ELEM_DATA={0x158, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8d, 0x1, "ee403dcde61f5c9efb7a86d8ecd712e20b9fb5aab6af6b239410f60bbe8fc3c520c9f9247ac46959659fcda56ccab072c0a34ec598cc430c969cf30cc1a224c2ce043b10a07dcb040aeae0ceda07ac7303668113a1e49c6324845a70c40bffb5e1c667fdaa09b517090c95e5847b8446b4aace7c9f3dd2fed736f9af501aebd00e714f2b46a4faff3e"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x29, 0x1, "3bc2a9323c4ca251fe3011cdb0bca7a2a4fbb4305a9d335d04d43a6d1268a56f8bf43de783"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x42c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x41c, 0xb, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}, {0x40, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_OSF_TTL={0x5, 0x2, 0x2}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_TTL={0x5, 0x2, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @nat={{0x8}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x374, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x360, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x210, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xbd, 0x1, "432a3a1a95b00a5a4d8da960af78bc5736f9749782495feb2403567d8a3f54b251e9187fe4a27dfe5b9abf5817c72e0bb72c2ded968cf7d4282dc7780ecb851f95e9fa112b38e0eb8088b7809b39f7d69eefadf04a919f133e2e55e982fa6464541bc4d8e358a9438746a16e4ebb749fac343a19bdd41b1dcdad5fb133fa460ae44152bb4cc5ec7b5fd0a0bb757d1603306b723ac8ba0448f65a32d6e92ddf79dcce29e4757aea5be97acf8ad6354d822926f095005c4024fe"}, @NFTA_DATA_VALUE={0xc9, 0x1, "e47f2bc3f82560ae1765a0f2186c2e8e5ec6c9ce5ced33620fc3e159298d1ab1b2ae20d8c58eb182dd53bca89e757b35cde2c91f21c897c0d1734eee833a557dba9e362d48792fd9741fc71840af29ae7e2a935681bf8fb048d9a017dbfccdc608c99550dbc95079539fd94f0c14457b05e44770cb91463a1d6274d041439c16587bde68f097c8c94377792bf88adc7c41c6388df6c55c927d1edd8d8bbb094c607c0d7ba22e3114935f7ffa256991b9fc5ced94e368c20e27e72aeee33eedbfd25909be64"}, @NFTA_DATA_VALUE={0x2d, 0x1, "f49ab7b01c9443e96f658138285125280127ab0333c7d9351e25eb769f824f6036046a9bb2281054ab"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DATA={0x30, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x9, 0x1, "d65e315ab8"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_IMMEDIATE_DATA={0x10c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0xe1, 0x1, "0ac83e3d0477618259f1a4fdeb8d1d3997b6fc8564be440ae6746d7985e5c16ac2a68306aa6df877ff87f654f0ceed156feea203663dcfb17d3dfb9b9d6124a8dadca89d60a3dad2b7872568b68b8addb0a549b8ffce000744d42d8ee746509c9dc54fc04a0961cb27cfd719b2e360d9f8ee2732923e8777de9485f0457a7a488cd61f7a53b8844e2877553be7c783a5909c84dea20474349959c15c6376b0738070a9d94f745905898a92066e48acf4b6535a7bcd9b43b0857bf8b4aa97125e254d8efe519a9eb3060a42f0f141d42b932c52b5a0cb5dc386a6b2ce16"}]}]}}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x1a0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x190, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VALUE={0x85, 0x1, "d6053c714ebcd7ac9b44dbc45e180ef67384efa6e1fdcf1fa68a306d38290cc8f0b3350fac0adb910e1db985811352ff05125adc4253a5ee0425eaed8f2d342d523ecf15c5d089870b5702c36e0aac992501d0e9d7c64b4b8ccfceab4ec7bb29b9c9d379f79065438a47feb698a74ca012527c9ac9430089105ac35ab0afe75339"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x61, 0x1, "a015764d238a328b240be009b96b21cf57a5015493a2173595caa9e8dbd3b8ed2a31e63313f408ea3c15092ddd95daddf94ece86e03eda28a23f2f2d378800699f48f3255feca10186b2924cc760fd4227b7dff783f72d48237e5cee1c"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x4}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x3}]}, {0x170, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x110, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x85, 0x1, "12d41270fd8799f09842b386fcbfdeee1b9d5a144689d13459c4170a4c94cfebfa65074cbd32b41816da841467357970d13cdd4e4578b73175f6cc9fbf05eec1640a6199f05cfbfb1c52b04c2722fde0f572a7495b18ff19a7fc0e2d183ba74958ca5d9ae16e446a42f93100abbf9194de082a01376711b191d25ea444cdb1a689"}]}, @NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY_END={0x48, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @dup={{0x8}, @void}}]}, {0x2c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x8, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_SET_ELEM_EXPR={0x20, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, {0x4}]}]}, @NFT_MSG_DELOBJ={0x12c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_USERDATA={0x99, 0x8, "746da3f6b99570512aac2793779706979e85b91c52cdc855f10f6f740fb5bbe11f971cf6253331cb7590269043cdba171cafb29d6a9f9fd176c03de4cb9cc5decf234224d8ad070b50c34d2370c5e941673b760018013f58aa7e2be272a07045a29c2dc660f603a516daac6ad30d42895720a9ba2eec967d343e0c7b25ca46cbb5fca1e503b4b1c93e670813cdfe08d889b849123e"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_USERDATA={0x49, 0x8, "265bb41be9c4efad856db0f5f447b705328a8b77f28eae678cb3d0693e19c3968194175c627b46b1720fe1f806ade798a57f6197a58c0d67d6f1011a790f5a433faf9c7c79"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x39}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}, @NFTA_SET_POLICY={0x8}]}, @NFT_MSG_DELFLOWTABLE={0x28, 0x18, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x0, 0x0, 0x0, {0x2, 0x0, 0x7}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xb04}}, 0x4000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.325519539s ago: executing program 5 (id=2701):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = syz_io_uring_setup(0xd7, &(0x7f0000000000)={0x0, 0xb46, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000080))
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0xd, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)={0x2c, 0x10, 0x1, 0x0, 0x25dfdbfe, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0xc, 0x3a, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @u32=0x1}]}]}, 0x2c}], 0x1}, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x3, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000040)=0x1000)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x21, 0xc, 0x0, 0x75, 0x81, 0x10, 0x0, 0x0, 0x82, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0xff, 0x0, '\x00', 0x7})
ioctl$KVM_TDX_INIT_VCPU(r5, 0xc008aeba, &(0x7f00000000c0)={0x2, 0x0, 0xffffffffffffffd6})

3.108152776s ago: executing program 1 (id=2702):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2400c841}, 0x54)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x46)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0)
syz_open_dev$vim2m(&(0x7f0000000180), 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0)
getpid()
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000900)='/sys/kernel/fscaps', 0x101000, 0x3)
r4 = socket$alg(0x26, 0x5, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0xfffffffffffffd0e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000412ff8)="63429860415b7ac7", 0x8)
r8 = accept(r4, 0x0, 0x0)
sendmmsg$alg(r8, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0x18}], 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000017010000030000000100000000000000c8000000000000001701000002000000b2000000b14268b1c4a9aa1f1777703181c95eb5a251ca8b6f0d6f4ecdbd9e4c09c5b4ee159a723c4c7d37835481cd57eeeba59106a79f25f8ec9f9902efba123ff5cd36856f026d6597f382db876ea9fcdc7310b5a7abc3701eb2a2a6bf5f6921a8b6941ef4764052930926bbca132ba94469ed85b000000b11e01459ee499a9d85599db704c6212ff6c4e0cf86dd47675eef52b49d46cebfffbda1a586489cefbdfeb5557c58d946be9ec6670b1d9f8d6b2c749cf0000018000000000000001701000004000000ce0c000000000000180000000000000017010000040000000700000000000000"], 0x110}], 0x1, 0x0)
recvmsg(r8, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600), 0x0, 0x0, 0x0, 0x1000000}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

2.638214729s ago: executing program 5 (id=2703):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
mknodat$loop(0xffffffffffffff9c, 0x0, 0x20, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
socket$kcm(0x29, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r2, 0x25, 0x10, @void}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd6000000000103afffe8000100800000000001800000000bbff0a000000000000000000000000000186009078ff00f800fcffffff00000000"], 0x0)

2.239286241s ago: executing program 0 (id=2704):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x3, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x21, 0xc, 0x0, 0x75, 0x81, 0x10, 0x0, 0x0, 0x82, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0xff, 0x0, '\x00', 0x7})
ioctl$KVM_TDX_INIT_VCPU(r2, 0xc008aeba, &(0x7f00000000c0)={0x2, 0x0, 0xffffffffffffffd6})

2.159693115s ago: executing program 5 (id=2705):
socket$nl_generic(0x10, 0x3, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8005, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3201000000a4000000060a010400000000000000000100000008000b40000000007c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000440001800c0001006269747769736500340002800800034000000004080001400000001408000240000000120c0005800800010088634d580c000480080001006eee7e000900010073797a300000000014000000110001"], 0x118}}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r2, r2, 0x0, 0x200000)
cachestat(r2, 0x0, &(0x7f0000000040), 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, 0xffffffffffffffff, 0x80000})
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00')
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000140)="e0b9547ed387dbe9abc89b6f4bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
preadv(r4, &(0x7f0000000040), 0x0, 0x0, 0x4265)
r5 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001180)=ANY=[@ANYBLOB="28000000010701010000000000000000010000091400078008000140010000060800024000000001be92248ac6a07cbc848f0890016169a6090181ac6f34afa5b9cfc702fd8e7ba7978773d82ac6453049a541ecd0b05cfc4e88dbe0d80f139c45cdefc5f95a26d557452c466822017e90fa93221f575cc05156a2c5b9c09a55065bf8950eb40ce518236b0e62150814dee220715ae599ca844464da13645242043f29"], 0x28}, 0x1, 0x0, 0x0, 0x804c}, 0xc080)

1.637225467s ago: executing program 3 (id=2706):
r0 = epoll_create1(0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0xc0002000})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xd)
r3 = socket$kcm(0x2, 0x922000000001, 0x106)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
sendmsg$inet(r3, &(0x7f0000000800)={&(0x7f0000000040)={0x2, 0x4e22, @remote}, 0x10, 0x0}, 0x20009090)

1.600947621s ago: executing program 0 (id=2707):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = fsopen(&(0x7f0000000700)='affs\x00', 0x1)
r3 = fcntl$dupfd(r2, 0x0, r2)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x30, r1, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000a80)={'ip6gretap0\x00', &(0x7f00000009c0)=@ethtool_flash={0x26, 0x8000000, './file0\x00'}})
setsockopt$IP_VS_SO_SET_EDITDEST(r4, 0x0, 0x489, &(0x7f0000000040)={{0x0, @remote, 0x4e23, 0x0, 'lblcr\x00', 0x11, 0xe93a, 0x35}, {@remote, 0x4e23, 0x0, 0x6778, 0x0, 0xd6}}, 0x44)
setsockopt$CAN_RAW_JOIN_FILTERS(r3, 0x65, 0x6, &(0x7f00000006c0)=0x1, 0x4)
recvmsg(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/144, 0x90}], 0x1, &(0x7f0000000280)=""/118, 0x76}, 0x2143)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000340), r0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000002780)=""/4096, 0x1000}], 0x1, 0x5b3d2934, 0xfffffff8)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r9=>0x0)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r9], 0x1c}}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000003c0)=<r10=>0x0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000000680)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x34, r5, 0x700, 0x70bd2b, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, '{$\r_'}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_FIRMWARE_NAME={0x4}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r10}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0xc000)

1.507919659s ago: executing program 4 (id=2708):
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0x3, r2}]}, 0x40}}, 0x0)
link(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00')

1.479014234s ago: executing program 3 (id=2709):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000100), 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000400)=[@timestamp, @sack_perm, @mss={0x2, 0x6}, @mss={0x2, 0x400}, @mss={0x2, 0xcb2}, @mss={0x2, 0x3}, @timestamp, @sack_perm], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f00000006c0)='L', 0x1, 0x440dc, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0x48)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
syz_io_uring_setup(0x1714, &(0x7f0000002040)={0x0, 0x20e822, 0x10100, 0x800}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0})
chdir(&(0x7f0000000000)='./file0\x00')
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x8)
pipe(&(0x7f0000000180)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000005bcca2023380100eb030102030109021b000100000000090400"], 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r7, 0x541b, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r4, 0x58, &(0x7f0000000200)}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f000001b000)={@loopback, @private0, @private2, 0x4000006, 0x5, 0x0, 0x100, 0xffffffffffffffff, 0x2480187, r9})
splice(r5, 0x0, r4, 0x0, 0x1000, 0x800000000000000)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAPCLR(r10, 0x4b68, 0x0)
splice(r3, 0x0, r6, 0x0, 0x80, 0x8)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)

1.176064134s ago: executing program 1 (id=2710):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000300)={0x0, 0x0, 0x2, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r3=>0x0})
r4 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r4, 0x2007ffb)
close(r4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)='%pi6   \x00'}, 0x20)
r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000480)=@generic={&(0x7f0000000440)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_ext={0x1c, 0xf, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0xffff, 0x62, &(0x7f0000000240)=""/98, 0x41000, 0x24, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x2, 0x1, 0x1, 0x401}, 0x10, 0x1efbf, r4, 0x2, &(0x7f00000004c0)=[r5, r6, 0x1], &(0x7f0000000500)=[{0x2, 0x1, 0x9, 0x5}, {0x3, 0x2, 0x8, 0xf}]}, 0x94)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
recvmmsg(r7, &(0x7f0000007700), 0x318, 0xfc0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r8 = socket(0x40000000015, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r8, 0x114, 0x6, 0x0, 0x0)
pipe2(&(0x7f0000000040), 0x0)
openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x182, 0x0)

1.175061109s ago: executing program 4 (id=2711):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0xa38, 0xc, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xa24, 0x3, 0x0, 0x1, [{0x1c0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_ELEM_EXPR={0x40, 0x7, 0x0, 0x1, @flow_offload={{0x11}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, @NFTA_SET_ELEM_USERDATA={0x5, 0x6, 0x1, 0x0, '\b'}, @NFTA_SET_ELEM_DATA={0x158, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8d, 0x1, "ee403dcde61f5c9efb7a86d8ecd712e20b9fb5aab6af6b239410f60bbe8fc3c520c9f9247ac46959659fcda56ccab072c0a34ec598cc430c969cf30cc1a224c2ce043b10a07dcb040aeae0ceda07ac7303668113a1e49c6324845a70c40bffb5e1c667fdaa09b517090c95e5847b8446b4aace7c9f3dd2fed736f9af501aebd00e714f2b46a4faff3e"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x29, 0x1, "3bc2a9323c4ca251fe3011cdb0bca7a2a4fbb4305a9d335d04d43a6d1268a56f8bf43de783"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x320, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x310, 0xb, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}, {0x40, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_OSF_TTL={0x5, 0x2, 0x2}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_TTL={0x5, 0x2, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @nat={{0x8}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x268, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x254, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x204, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xbd, 0x1, "432a3a1a95b00a5a4d8da960af78bc5736f9749782495feb2403567d8a3f54b251e9187fe4a27dfe5b9abf5817c72e0bb72c2ded968cf7d4282dc7780ecb851f95e9fa112b38e0eb8088b7809b39f7d69eefadf04a919f133e2e55e982fa6464541bc4d8e358a9438746a16e4ebb749fac343a19bdd41b1dcdad5fb133fa460ae44152bb4cc5ec7b5fd0a0bb757d1603306b723ac8ba0448f65a32d6e92ddf79dcce29e4757aea5be97acf8ad6354d822926f095005c4024fe"}, @NFTA_DATA_VALUE={0xc9, 0x1, "e47f2bc3f82560ae1765a0f2186c2e8e5ec6c9ce5ced33620fc3e159298d1ab1b2ae20d8c58eb182dd53bca89e757b35cde2c91f21c897c0d1734eee833a557dba9e362d48792fd9741fc71840af29ae7e2a935681bf8fb048d9a017dbfccdc608c99550dbc95079539fd94f0c14457b05e44770cb91463a1d6274d041439c16587bde68f097c8c94377792bf88adc7c41c6388df6c55c927d1edd8d8bbb094c607c0d7ba22e3114935f7ffa256991b9fc5ced94e368c20e27e72aeee33eedbfd25909be64"}, @NFTA_DATA_VALUE={0x2d, 0x1, "f49ab7b01c9443e96f658138285125280127ab0333c7d9351e25eb769f824f6036046a9bb2281054ab"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DATA={0x2c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x6, 0x1, "d65e"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}]}]}}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x440, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_DATA={0xb0, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xa9, 0x1, "bd938479c054c28211b25719918121a43a0acb802a18aacc6d4e64e1bc12e7c310cae0c328525740febfbf0324de92e8c7a3c1c6735667778d1dba12658f9be62cdfe37f96e90b33c1f730de4386686864a6ac0457df3229549acb1eea5cabcbb24ab8ca5cf4d8b79551f66d37c78ba88ead09dbbbd5e533ae339f268802ed89dfe3aed2ca614dfa06296ecc9f708efdcb7e87805e83469c41b28749d305c7a0ee79552d85"}]}, @NFTA_SET_ELEM_KEY_END={0x244, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VALUE={0xa6, 0x1, "76e904bd7e1a23b51fcbae4609d95c66447d252c30e761caf2b5d51304703c769fb2eb27adf3d5b2c7cd02d43f3c2c3ce85811d9d73825f82deda04d4f4fd5ee3b4d9c33c7bfe84773a3aa459c190c5d478942e2b8f5cb2726434de2d9a24c11f911df716531ff2794e7808ef3416c812a571561f407040422e6689fb086725a9942a136f8ae194de031aa40910aafffb0385c32480914f27f79c274179d6369fb10"}, @NFTA_DATA_VALUE={0x39, 0x1, "3fc1c6113515c21ad842ba5957de908644315ed1d0d29b49495b3c1edfc847909d0ee57dd30973b0386a0ffd4a1eeb27c1a54401cb"}, @NFTA_DATA_VERDICT={0x58, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x4}, @NFTA_DATA_VALUE={0x79, 0x1, "481d9de8da3a69cc423cf29173daabd2b6622bb0261d9667091e7e24b324400db1d06cfdde229d768f2d6b171ea91847f07bb54468005286df33dd9e5044156912ea34a1b6c9fd1c2f1792f0edf0f4d02a5fff9dfed5639e3ff36aa6bdb729466f5919c775c61564ad31dd3e5b02d9201dd48a71f4"}, @NFTA_DATA_VALUE={0x49, 0x1, "8d5040f31cf271b59b7ded19801fee95f993d008c776a3347629a4edcdf4dc7a1a6d3f58701cd10fc8e09a6b6cf1ac94a10e0e1cfd40be3cf538fa02d6b59003b2c5173095"}, @NFTA_DATA_VALUE={0x4}]}, @NFTA_SET_ELEM_KEY={0x140, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x95, 0x1, "b50a5d8b3a10c08722302f7e515a076e36a3e56d59f246c88b534f2fcc076630f46f235f284b8cb2586619765e83c5fd023e5978192dc14d9c16da81f041d4639cd657537eddac3caf506a1418ed4a62776e0239e84076afee053776fb4e915b57a978f70af7eedec038e780b6a90d04f92e0be64fc756e37a6f6e6e2b519bbb4cc28268d1a28ddad22467096faa1ce271"}, @NFTA_DATA_VERDICT={0x5c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}]}, {0x60, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x5c, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}]}]}, {0x60, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY_END={0x48, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @dup={{0x8}, @void}}]}, {0x3c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x1c, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x15, 0x1, "f979f13d46b3ef834769346246251c30f3"}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x4}, @NFTA_SET_ELEM_EXPR={0x18, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, {0x4}]}]}, @NFT_MSG_DELOBJ={0x8c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_USERDATA={0x45, 0x8, "265bb41be9c4efad856db0f5f447b705328a8b77f28eae678cb3d0693e19c3968194175c627b46b1720fe1f806ade798a57f6197a58c0d67d6f1011a790f5a433f"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x39}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}, @NFTA_SET_POLICY={0x8}]}, @NFT_MSG_DELFLOWTABLE={0x18, 0x18, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xb34}}, 0x4000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

591.250362ms ago: executing program 0 (id=2712):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x944, 0xc, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x930, 0x3, 0x0, 0x1, [{0x1c0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xa}, @NFTA_SET_ELEM_EXPR={0x40, 0x7, 0x0, 0x1, @flow_offload={{0x11}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, @NFTA_SET_ELEM_USERDATA={0x5, 0x6, 0x1, 0x0, '\b'}, @NFTA_SET_ELEM_DATA={0x158, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8d, 0x1, "ee403dcde61f5c9efb7a86d8ecd712e20b9fb5aab6af6b239410f60bbe8fc3c520c9f9247ac46959659fcda56ccab072c0a34ec598cc430c969cf30cc1a224c2ce043b10a07dcb040aeae0ceda07ac7303668113a1e49c6324845a70c40bffb5e1c667fdaa09b517090c95e5847b8446b4aace7c9f3dd2fed736f9af501aebd00e714f2b46a4faff3e"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x29, 0x1, "3bc2a9323c4ca251fe3011cdb0bca7a2a4fbb4305a9d335d04d43a6d1268a56f8bf43de783"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x42c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x41c, 0xb, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}}}, {0x40, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_OSF_TTL={0x5, 0x2, 0x2}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_FLAGS={0x8}, @NFTA_OSF_TTL={0x5, 0x2, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @nat={{0x8}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x374, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x360, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x210, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0xbd, 0x1, "432a3a1a95b00a5a4d8da960af78bc5736f9749782495feb2403567d8a3f54b251e9187fe4a27dfe5b9abf5817c72e0bb72c2ded968cf7d4282dc7780ecb851f95e9fa112b38e0eb8088b7809b39f7d69eefadf04a919f133e2e55e982fa6464541bc4d8e358a9438746a16e4ebb749fac343a19bdd41b1dcdad5fb133fa460ae44152bb4cc5ec7b5fd0a0bb757d1603306b723ac8ba0448f65a32d6e92ddf79dcce29e4757aea5be97acf8ad6354d822926f095005c4024fe"}, @NFTA_DATA_VALUE={0xc9, 0x1, "e47f2bc3f82560ae1765a0f2186c2e8e5ec6c9ce5ced33620fc3e159298d1ab1b2ae20d8c58eb182dd53bca89e757b35cde2c91f21c897c0d1734eee833a557dba9e362d48792fd9741fc71840af29ae7e2a935681bf8fb048d9a017dbfccdc608c99550dbc95079539fd94f0c14457b05e44770cb91463a1d6274d041439c16587bde68f097c8c94377792bf88adc7c41c6388df6c55c927d1edd8d8bbb094c607c0d7ba22e3114935f7ffa256991b9fc5ced94e368c20e27e72aeee33eedbfd25909be64"}, @NFTA_DATA_VALUE={0x2d, 0x1, "f49ab7b01c9443e96f658138285125280127ab0333c7d9351e25eb769f824f6036046a9bb2281054ab"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DATA={0x30, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x9, 0x1, "d65e315ab8"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_IMMEDIATE_DATA={0x10c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0xe1, 0x1, "0ac83e3d0477618259f1a4fdeb8d1d3997b6fc8564be440ae6746d7985e5c16ac2a68306aa6df877ff87f654f0ceed156feea203663dcfb17d3dfb9b9d6124a8dadca89d60a3dad2b7872568b68b8addb0a549b8ffce000744d42d8ee746509c9dc54fc04a0961cb27cfd719b2e360d9f8ee2732923e8777de9485f0457a7a488cd61f7a53b8844e2877553be7c783a5909c84dea20474349959c15c6376b0738070a9d94f745905898a92066e48acf4b6535a7bcd9b43b0857bf8b4aa97125e254d8efe519a9eb3060a42f0f141d42b932c52b5a0cb5dc386a6b2ce16"}]}]}}}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}, {0x1a0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x190, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VALUE={0x85, 0x1, "d6053c714ebcd7ac9b44dbc45e180ef67384efa6e1fdcf1fa68a306d38290cc8f0b3350fac0adb910e1db985811352ff05125adc4253a5ee0425eaed8f2d342d523ecf15c5d089870b5702c36e0aac992501d0e9d7c64b4b8ccfceab4ec7bb29b9c9d379f79065438a47feb698a74ca012527c9ac9430089105ac35ab0afe75339"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x61, 0x1, "a015764d238a328b240be009b96b21cf57a5015493a2173595caa9e8dbd3b8ed2a31e63313f408ea3c15092ddd95daddf94ece86e03eda28a23f2f2d378800699f48f3255feca10186b2924cc760fd4227b7dff783f72d48237e5cee1c"}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x4}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x3}]}, {0x170, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x110, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x85, 0x1, "12d41270fd8799f09842b386fcbfdeee1b9d5a144689d13459c4170a4c94cfebfa65074cbd32b41816da841467357970d13cdd4e4578b73175f6cc9fbf05eec1640a6199f05cfbfb1c52b04c2722fde0f572a7495b18ff19a7fc0e2d183ba74958ca5d9ae16e446a42f93100abbf9194de082a01376711b191d25ea444cdb1a689"}]}, @NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY_END={0x48, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @dup={{0x8}, @void}}]}, {0x2c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x8, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_SET_ELEM_EXPR={0x20, 0x7, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, {0x4}]}]}, @NFT_MSG_DELOBJ={0x12c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_USERDATA={0x99, 0x8, "746da3f6b99570512aac2793779706979e85b91c52cdc855f10f6f740fb5bbe11f971cf6253331cb7590269043cdba171cafb29d6a9f9fd176c03de4cb9cc5decf234224d8ad070b50c34d2370c5e941673b760018013f58aa7e2be272a07045a29c2dc660f603a516daac6ad30d42895720a9ba2eec967d343e0c7b25ca46cbb5fca1e503b4b1c93e670813cdfe08d889b849123e"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_USERDATA={0x49, 0x8, "265bb41be9c4efad856db0f5f447b705328a8b77f28eae678cb3d0693e19c3968194175c627b46b1720fe1f806ade798a57f6197a58c0d67d6f1011a790f5a433faf9c7c79"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x39}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}, @NFTA_SET_POLICY={0x8}]}, @NFT_MSG_DELFLOWTABLE={0x28, 0x18, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x0, 0x0, 0x0, {0x2, 0x0, 0x7}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xb04}}, 0x4000000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

563.596107ms ago: executing program 1 (id=2713):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000019080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x28)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x20000004)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
close(r2)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x0, &(0x7f0000000040)})
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',access=', @ANYRESDEC=0x0, @ANYBLOB='\x00\x00'])
ioctl$HIDIOCSREPORT(r2, 0x400c4808, &(0x7f0000000140)={0x3, 0xfffffffc, 0x8})
setpgid(r1, 0x0)
setpgid(0x0, r1)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
syz_emit_ethernet(0x9a, &(0x7f0000000340)=ANY=[@ANYBLOB="79ee7ca42eeaaaaaaaaaaabb86dd6a00000000641100fe8000000000000000000000000000aaff0200000000000000000000000000014e1d4e200007"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000280)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x1, 0x8000000000000000}}, 0x28)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0xfffffffffffffffe, 0x0, {0x7, 0x29, 0x0, 0x440, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x800000000000001)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})

419.139907ms ago: executing program 4 (id=2714):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, &(0x7f0000001e00)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064dd2f9ac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e13c4a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b670400d59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0618b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b6dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x130, 0xfffffffffffffffe, 0x210001, {0x3ffffffffffffffc, 0xfffffff7, 0x0, '\x00', {0x2fff, 0x0, 0x8000000000010000, 0x906, r2, r3, 0x0, '\x00', 0x6, 0x27efc00800000, 0x7e, 0x13, {0x1000000a, 0x7}, {0x7f, 0x3}, {0x5, 0x5}, {0xffffffffe}, 0x80008001, 0xa, 0xfffffffe, 0x5}}}})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x24}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000300)=<r6=>0x0)
r7 = getegid()
setgroups(0x8, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, r7])
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000480)={'\x00', 0xfff9, 0x9, 0x9, 0x20000080, 0xe97, <r8=>r4})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000500)={{0x2, 0x0, r3, r6, r7, 0x8, 0x9}, 0x0, 0x0, 0x7fffffff, 0x8, 0x89, 0xfffffffffffffffa, 0x4, 0x7fff, 0x2, 0x4, 0x0, r8})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x11e)
mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f00000022c0), 0x0, &(0x7f0000000380)=ANY=[@ANYRES8=r7, @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r1, @ANYBLOB=',default_permissions,allow_other,\x00'])
syz_open_procfs(0x0, &(0x7f00000000c0)='cgroup\x00')
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)=@generic={&(0x7f0000000080)='./file1\x00', r9}, 0x18)
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020}, 0x2020)
rmdir(&(0x7f0000000040)='./cgroup/../file0\x00')
gettid()
timer_create(0x6, 0x0, 0x0)

60.18605ms ago: executing program 0 (id=2715):
r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
unshare(0x1a010000)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = io_uring_setup(0x1ddd, &(0x7f0000000440)={0x0, 0x40000000, 0x0, 0xfffffffd, 0x8})
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000000c0)={0x3, 0xdde6f5e34f1fb078, 0x1, 0x2000, &(0x7f00008da000/0x2000)=nil})
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000740)={&(0x7f0000001000)}, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r4, 0x17, &(0x7f0000000300)={0x0}, 0x1)
eventfd2(0x0, 0x0)
getcwd(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r6=>0x0})
r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000ffa000/0x3000)=nil, &(0x7f000049a000/0x2000)=nil, 0x4, &(0x7f00000004c0)=[{0x2, 0x8}], 0x1, 0xbfb, 0x0, 0x28, 0x2e, 0x1})
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c10f14d2fc7735809c47e32e93c100600000000000000470d491bb505de5fcbbfec8afbfe35271e9444a73c19e312", @ANYRES16=r0, @ANYRES8=r4, @ANYRES32=r6, @ANYBLOB="05003400a9000000080026006c0900001e001f0002000600040000000000000000c00009000000010009200000030000"], 0x4c}, 0x1, 0x0, 0x0, 0x4890}, 0x4010)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r9=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)

0s ago: executing program 4 (id=2716):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffff000000000000080445000030000000000001907800000000ffffffff2a009078000000004500000000"], 0x0)
open$dir(0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$kcm(0x29, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x11, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000f, 0x30, r0, 0xd925000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000340), &(0x7f0000000280)=[0x0, 0x0, 0x0], 0x0, 0x0, 0xeeeeeeee})
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r5=>0x0], &(0x7f0000000200), 0x3, r4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r4], &(0x7f0000000200), &(0x7f0000000580)=[r5], &(0x7f0000000040), 0x0, 0x1000000000000})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(0xffffffffffffffff, 0xc01864ba, &(0x7f0000000300)={0x7fffffff, 0x0, r4, 0x37373737})
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

kernel console output (not intermixed with test programs):

ing up backlog
[  643.052984][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.427753][T15070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2243'.
[  643.436725][T15070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2243'.
[  643.629992][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.972202][T15073] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.989839][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.028760][T15073] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.037775][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.123178][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.135511][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.975439][T15088] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  645.107107][T15088] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  645.117713][T15088] overlayfs: failed to look up (tracing) for ino (-66)
[  646.065773][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  646.070970][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  646.515408][T15108] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2253'.
[  646.575405][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  646.958660][T15120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2255'.
[  646.975298][T15120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2255'.
[  647.695471][T15131] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  647.828114][T15131] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  647.838226][T15131] overlayfs: failed to look up (tracing) for ino (-66)
[  648.677531][ T5867] net_ratelimit: 7 callbacks suppressed
[  648.677544][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.691998][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.830421][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.291080][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.299638][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.308080][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.733839][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  650.973107][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  651.296916][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  651.314827][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  651.349050][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  651.879877][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  651.961629][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  652.312714][T15186] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  652.441531][T15186] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  652.451664][T15186] overlayfs: failed to look up (tracing) for ino (-66)
[  654.289038][ T5867] net_ratelimit: 6 callbacks suppressed
[  654.289050][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  654.303074][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.382051][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.400660][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.409133][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.445752][T15214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2278'.
[  655.455959][T15214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2278'.
[  655.465012][T15214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2278'.
[  655.473979][T15214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2278'.
[  655.482906][T15214] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2278'.
[  655.799972][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  656.369974][ T5867] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  656.430264][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  656.452369][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  656.462633][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  656.529746][ T5867] usb 2-1: Using ep0 maxpacket: 16
[  656.559322][ T5867] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  656.607819][ T5867] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  656.668396][ T5867] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  656.716301][ T5867] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  656.764619][ T5867] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  656.794594][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  656.844216][ T5867] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  656.861844][ T5867] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  656.881309][T14849] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  656.894816][ T5867] usb 2-1: Manufacturer: syz
[  656.974207][ T5867] usb 2-1: config 0 descriptor??
[  657.439693][T15249] mac80211_hwsim hwsim13 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  658.322373][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  658.539839][ T5867] rc_core: IR keymap rc-hauppauge not found
[  658.634264][ T5867] Registered IR keymap rc-empty
[  658.686797][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  658.799794][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  658.850515][ T5867] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  658.899839][ T5867] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input47
[  659.731831][ T5921] net_ratelimit: 2 callbacks suppressed
[  659.731848][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.745479][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.754285][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.861304][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  659.880465][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.929759][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  659.979770][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.005539][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.049861][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.099767][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.199786][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.227338][T15268] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2294'.
[  660.256969][T15268] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2294'.
[  660.269436][T15268] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2294'.
[  660.269739][ T1159] wlan1: Trigger new scan to find an IBSS to join
[  660.286417][T15268] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2294'.
[  660.296347][T15268] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2294'.
[  660.361877][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.509776][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.549726][ T5867] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  660.607141][ T5867] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  660.639156][ T5867] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  660.949840][ T5867] usb 2-1: USB disconnect, device number 35
[  660.967134][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  660.976607][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.469900][ T5921] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  661.494825][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.550121][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.589004][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  661.650117][ T5921] usb 1-1: Using ep0 maxpacket: 16
[  661.717082][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  661.768044][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  661.890155][T15302] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2289'.
[  661.934886][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  661.965846][T15302] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2289'.
[  661.999625][ T5921] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  662.024071][ T5921] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  662.059839][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  662.073111][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  662.135057][ T5921] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  662.159252][ T5921] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  662.210811][ T5921] usb 1-1: Manufacturer: syz
[  662.580631][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2301'.
[  662.591684][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2301'.
[  662.605341][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2301'.
[  662.619036][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2301'.
[  662.635842][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2301'.
[  662.653342][ T5921] usb 1-1: config 0 descriptor??
[  663.957044][T14849] wlan1: Trigger new scan to find an IBSS to join
[  664.149805][ T5921] rc_core: IR keymap rc-hauppauge not found
[  664.155764][ T5921] Registered IR keymap rc-empty
[  664.165943][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  664.239730][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  664.310870][ T5921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  664.370543][ T5921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input48
[  664.398632][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  664.427312][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  664.509933][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  664.569856][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  664.717143][ T5867] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  665.643862][T15326] mac80211_hwsim hwsim10 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  665.659781][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  665.679760][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  665.732076][   T29] net_ratelimit: 4 callbacks suppressed
[  665.732089][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.748134][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.770047][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.786547][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  665.839886][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  665.879736][ T5867] usb 6-1: Using ep0 maxpacket: 16
[  665.879841][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  665.922413][ T5867] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  665.929738][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  665.941227][  T106] wlan1: Creating new IBSS network, BSSID 52:2d:1a:be:2c:fe
[  665.949910][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.981020][ T5867] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  666.011391][ T5921] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  666.020190][ T5867] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  666.069707][ T5921] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  666.078791][ T5867] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  666.078821][ T5867] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  666.079741][ T5867] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  666.185850][ T5867] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  666.232608][ T5921] usb 1-1: USB disconnect, device number 31
[  666.242456][ T5867] usb 6-1: Manufacturer: syz
[  666.280162][ T5867] usb 6-1: config 0 descriptor??
[  666.690623][T15331] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  667.471140][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.497963][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.550110][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.588693][ T5867] rc_core: IR keymap rc-hauppauge not found
[  667.594754][ T5867] Registered IR keymap rc-empty
[  667.599891][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  667.617643][T15337] IPVS: rr: FWM 3 0x00000003 - no destination available
[  667.638554][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  667.694933][ T5867] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc1
[  667.768878][ T5867] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc1/input49
[  667.934467][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.270117][T14849] wlan1: Trigger new scan to find an IBSS to join
[  668.279884][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.314426][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.339723][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.409753][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.450005][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  668.467831][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.668053][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  668.676448][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  668.809725][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.829367][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  668.838478][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.846009][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  668.855012][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  668.864524][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  668.873433][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  668.900198][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.929805][ T5867] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  668.972130][ T5867] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  668.995377][ T5867] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  669.004920][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  669.024697][ T5867] usb 6-1: USB disconnect, device number 38
[  670.400411][  T106] wlan1: Trigger new scan to find an IBSS to join
[  670.425124][T15372] mac80211_hwsim hwsim13 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  670.483937][   T12] wlan1: Selected IBSS BSSID 52:2d:1a:be:2c:fe based on configured SSID
[  671.183198][ T5921] net_ratelimit: 5 callbacks suppressed
[  671.183215][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.474506][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.483278][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.545847][T15397] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  671.673175][T15397] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  671.683258][T15397] overlayfs: failed to look up (tracing) for ino (-66)
[  672.513687][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  672.597944][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.158875][T15404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2325'.
[  673.311796][T15403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2325'.
[  673.321241][T14849] wlan1: Trigger new scan to find an IBSS to join
[  673.357151][T15403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2325'.
[  673.391292][T15403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2325'.
[  673.429325][T15403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2325'.
[  673.552570][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.555799][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.639873][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.648128][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.969843][ T5867] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  674.180203][ T5867] usb 1-1: Using ep0 maxpacket: 8
[  674.392923][   T12] wlan1: Creating new IBSS network, BSSID 66:62:e6:d3:7e:b5
[  674.423550][ T5867] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  674.445109][ T5867] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  674.469743][ T5867] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  674.469875][   T12] wlan1: Creating new IBSS network, BSSID d2:16:a3:a8:8e:ff
[  674.516526][ T5867] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  674.556788][ T5867] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  674.579703][ T5867] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  674.598201][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  675.471858][ T5867] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  675.689802][   T24] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  675.809085][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.856647][ T5867] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  675.959703][   T24] usb 4-1: Using ep0 maxpacket: 8
[  675.986307][T15451] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2339'.
[  676.003040][T15451] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2339'.
[  676.018628][T15451] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2339'.
[  676.031040][T15451] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2339'.
[  676.040733][T15451] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2339'.
[  676.307490][   T24] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  676.325999][   T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  676.366349][   T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  676.386557][   T24] usb 4-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  676.426994][   T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  676.487709][   T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  676.507047][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.515463][ T5867] net_ratelimit: 3 callbacks suppressed
[  676.515477][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  676.574229][   T24] usbtmc 4-1:16.0: bulk endpoints not found
[  676.590781][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  676.673040][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.011521][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.599717][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  678.074959][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  678.227304][  T976] usb 1-1: USB disconnect, device number 32
[  678.670117][ T5867] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  679.109459][ T5867] usb 4-1: USB disconnect, device number 25
[  679.159958][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  679.354660][T15511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2351'.
[  679.392064][T15511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2351'.
[  679.402960][T15511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2351'.
[  679.414908][T15511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2351'.
[  679.424591][T15511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2351'.
[  679.629917][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  679.710017][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  679.979033][T15522] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  680.099509][T15522] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  680.109599][T15522] overlayfs: failed to look up (tracing) for ino (-66)
[  680.266511][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  681.054801][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  682.044976][   T24] net_ratelimit: 5 callbacks suppressed
[  682.044995][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.423213][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.552530][   T24] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  682.669793][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.730313][   T24] usb 4-1: Using ep0 maxpacket: 8
[  682.746857][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  682.750227][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.792903][   T24] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  682.807350][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.845690][   T24] usb 4-1: config 0 descriptor??
[  683.070353][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  683.100695][T15545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  683.119909][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  683.151738][   T24] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  683.265911][T15545] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  683.274455][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  683.481845][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  683.504230][T15552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2362'.
[  684.056259][ T5916] usb 4-1: USB disconnect, device number 26
[  684.062242][    C0] iowarrior 4-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  685.489267][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  685.656879][T15573] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2364'.
[  685.673000][T15573] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2364'.
[  686.847687][T15587] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2368'.
[  686.866614][T15587] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2368'.
[  686.877387][T15587] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2368'.
[  686.890127][T15587] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2368'.
[  686.901228][T15587] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2368'.
[  687.260085][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  687.875768][   T24] net_ratelimit: 8 callbacks suppressed
[  687.875785][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  687.896955][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  688.722161][   T30] audit: type=1326 audit(1771314065.188:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15608 comm="syz.4.2366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f443bb9bf79 code=0x0
[  689.022822][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  689.031533][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  689.054108][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  689.072530][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  689.406223][T15631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2376'.
[  689.415172][T15631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2376'.
[  689.887638][ T6948] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  690.113970][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  690.122329][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  690.395975][T15656] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  690.530477][T15656] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  690.567770][T15656] overlayfs: failed to look up (tracing) for ino (-66)
[  691.330219][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.797063][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  693.980409][   T24] net_ratelimit: 5 callbacks suppressed
[  693.980426][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  694.003791][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  694.362301][T15699] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2388'.
[  694.547769][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  694.846989][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  695.110355][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  695.120459][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  695.134888][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  695.154447][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  695.593798][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  696.545601][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  696.561191][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.599887][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.839839][    T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  698.020681][    T9] usb 5-1: Using ep0 maxpacket: 8
[  698.054214][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  698.084014][    T9] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  698.140325][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.214225][    T9] usb 5-1: config 0 descriptor??
[  698.450696][    T9] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  698.751604][ T5921] usb 5-1: USB disconnect, device number 21
[  698.757521][    C0] iowarrior 5-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  699.278509][T15760] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2403'.
[  699.287450][T15760] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2403'.
[  699.931146][  T792] net_ratelimit: 10 callbacks suppressed
[  699.931159][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  699.945134][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.414458][T15770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2406'.
[  700.423396][T15770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2406'.
[  700.442179][ T1159] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  700.656338][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.919726][    T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  700.990145][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.998438][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  701.119756][    T9] usb 5-1: Using ep0 maxpacket: 16
[  701.129920][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  701.151013][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  701.175547][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  701.219749][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  701.234478][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  701.247713][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  701.268893][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  701.288774][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  701.318343][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  701.328149][    T9] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  701.348150][    T9] usb 5-1: Manufacturer: syz
[  701.371972][    T9] usb 5-1: config 0 descriptor??
[  701.769713][    T9] rc_core: IR keymap rc-hauppauge not found
[  701.853021][T15798] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  701.988815][T15798] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  701.998892][T15798] overlayfs: failed to look up (tracing) for ino (-66)
[  702.172866][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.249911][  T792] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  702.704360][ T6948] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  702.719726][  T792] usb 2-1: Using ep0 maxpacket: 16
[  702.729901][  T792] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  702.740532][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.764895][    T9] Registered IR keymap rc-empty
[  702.778937][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  702.779154][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  702.816036][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  702.825843][  T792] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  702.836420][  T792] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  702.851467][  T792] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  703.100023][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.216752][  T792] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  703.240197][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.250509][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  703.272363][  T792] usb 2-1: Manufacturer: syz
[  703.307362][  T792] usb 2-1: config 0 descriptor??
[  703.570560][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input50
[  703.661452][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.706693][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.751070][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.792738][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.849764][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.869795][ T5916] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  703.883025][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.922074][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.939067][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  703.969758][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  703.989725][  T792] rc_core: IR keymap rc-hauppauge not found
[  704.014712][  T792] Registered IR keymap rc-empty
[  704.029118][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  704.039929][ T5916] usb 1-1: Using ep0 maxpacket: 16
[  704.043196][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.048639][ T5916] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  704.062883][    T9] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  704.089746][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  704.111873][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.112870][    T9] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  704.139716][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  704.168494][    T9] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  704.183284][ T5916] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  704.190527][  T792] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc1
[  704.199906][    T9] usb 5-1: USB disconnect, device number 22
[  704.216549][ T5916] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  704.250990][ T5916] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  704.281634][  T792] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc1/input51
[  704.290341][ T5916] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  704.321657][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.358902][    C1] rc rc1: IR event FIFO is full!
[  704.359746][ T5916] usb 1-1: Manufacturer: syz
[  704.363876][    C1] rc rc1: IR event FIFO is full!
[  704.373372][    C1] rc rc1: IR event FIFO is full!
[  704.378309][    C1] rc rc1: IR event FIFO is full!
[  704.380557][ T5916] usb 1-1: config 0 descriptor??
[  704.384181][    C1] rc rc1: IR event FIFO is full!
[  704.393071][    C1] rc rc1: IR event FIFO is full!
[  704.398001][    C1] rc rc1: IR event FIFO is full!
[  704.402924][    C1] rc rc1: IR event FIFO is full!
[  704.407857][    C1] rc rc1: IR event FIFO is full!
[  704.413486][    C1] rc rc1: IR event FIFO is full!
[  704.418416][    C1] rc rc1: IR event FIFO is full!
[  704.423333][    C1] rc rc1: IR event FIFO is full!
[  704.428251][    C1] rc rc1: IR event FIFO is full!
[  704.433179][    C1] rc rc1: IR event FIFO is full!
[  704.438098][    C1] rc rc1: IR event FIFO is full!
[  704.443570][    C1] rc rc1: IR event FIFO is full!
[  704.448506][    C1] rc rc1: IR event FIFO is full!
[  704.453435][    C1] rc rc1: IR event FIFO is full!
[  704.458348][    C1] rc rc1: IR event FIFO is full!
[  704.464054][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.489775][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.500640][ T1040] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  704.519871][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.552513][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.579805][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.599805][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.639832][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.680523][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.730028][  T792] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  704.748740][ T5916] rc_core: IR keymap rc-hauppauge not found
[  704.761770][  T792] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  704.771942][  T792] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  704.796647][  T792] usb 2-1: USB disconnect, device number 36
[  704.797584][ T5916] Registered IR keymap rc-empty
[  704.828492][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  704.878507][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  704.943378][ T5916] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  704.988814][ T5916] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input52
[  705.008467][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.036156][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.065868][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.104364][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.142404][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.320398][   T24] net_ratelimit: 6 callbacks suppressed
[  705.320414][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  705.437530][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.492148][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.529754][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.559971][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.583900][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  705.596283][ T5916] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  705.651379][ T5916] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  705.662810][ T5916] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  705.679574][ T5916] usb 1-1: USB disconnect, device number 33
[  705.844700][   T24] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  705.879965][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  706.030089][   T24] usb 4-1: Using ep0 maxpacket: 16
[  706.068005][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  706.198639][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  706.286712][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  706.341913][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  706.417043][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  706.573903][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  706.649962][   T24] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  706.728315][   T24] usb 4-1: Manufacturer: syz
[  706.845211][   T24] usb 4-1: config 0 descriptor??
[  706.926885][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  706.968024][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  706.980825][T15865] trusted_key: encrypted_key: master key parameter 'ž¼' is invalid
[  707.459714][   T24] rc_core: IR keymap rc-hauppauge not found
[  707.468918][   T24] Registered IR keymap rc-empty
[  707.475658][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  707.499815][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  707.630442][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  707.638965][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  707.670965][   T24] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  707.762015][   T24] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input53
[  707.785208][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  707.827172][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  707.874099][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  707.898937][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  708.662022][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  708.677724][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  708.693354][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  708.737147][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  708.760833][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  708.774199][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  708.848697][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  709.114428][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  709.159761][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  709.209755][   T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  709.261354][   T24] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  709.287747][   T24] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  709.353051][   T24] usb 4-1: USB disconnect, device number 27
[  709.523471][T15893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2439'.
[  709.578069][T15893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2439'.
[  709.618215][T15893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2439'.
[  710.192141][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.209089][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.322122][T15893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2439'.
[  710.356779][T15893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2439'.
[  710.391969][T15899] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2440'.
[  710.619776][ T5916] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  710.741189][  T976] net_ratelimit: 1 callbacks suppressed
[  710.741211][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.755124][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.919858][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  710.978200][ T5916] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  711.064784][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  711.114388][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  711.149873][ T5916] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  711.181190][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  711.233931][ T5916] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  711.244971][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  711.245350][ T5916] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  711.255777][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  711.262415][ T5916] usb 2-1: Manufacturer: syz
[  711.292085][ T5916] usb 2-1: config 0 descriptor??
[  711.779830][ T5916] rc_core: IR keymap rc-hauppauge not found
[  711.863067][T15927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  711.877120][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  711.889700][ T5916] Registered IR keymap rc-empty
[  711.907030][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  711.987059][T15928] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  712.125974][T15928] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  712.158980][T15928] overlayfs: failed to look up (tracing) for ino (-66)
[  712.841494][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  712.866580][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  712.874697][T15927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  712.883058][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  712.920324][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  713.216000][ T5916] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  713.231083][ T5916] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input54
[  714.075002][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.102791][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.225661][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.282702][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  714.292455][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.312480][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  714.375642][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.464427][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.510998][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.554581][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.609751][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.649734][ T5916] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  714.700596][ T5916] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  714.721531][ T5916] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  714.745999][ T5916] usb 2-1: USB disconnect, device number 37
[  714.856936][T15949] usb usb8: usbfs: process 15949 (syz.5.2449) did not claim interface 0 before use
[  716.345211][ T6326] net_ratelimit: 7 callbacks suppressed
[  716.345226][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  716.359264][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  716.397242][T15975] trusted_key: encrypted_key: master key parameter 'ž¼' is invalid
[  717.089594][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  717.101388][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  717.442199][T15988] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  717.582829][T15988] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  717.592926][T15988] overlayfs: failed to look up (tracing) for ino (-66)
[  717.885546][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  718.305712][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  718.997851][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  719.310454][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  719.396976][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  719.862138][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  719.911124][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  720.106976][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  720.179750][ T5916] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  720.380081][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  720.586997][ T5916] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  720.641047][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  720.680690][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  720.709210][ T5916] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  720.723998][ T5916] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  721.021615][ T5916] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  721.069852][ T5916] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  721.128477][ T5916] usb 5-1: Manufacturer: syz
[  721.158963][ T5916] usb 5-1: config 0 descriptor??
[  721.403729][ T5807] net_ratelimit: 7 callbacks suppressed
[  721.403746][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  721.554653][T16036] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  721.689183][T16036] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  721.721493][T16036] overlayfs: failed to look up (tracing) for ino (-66)
[  722.429834][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  722.453005][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  722.899688][ T5916] rc_core: IR keymap rc-hauppauge not found
[  722.919520][ T5916] Registered IR keymap rc-empty
[  722.936270][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  723.068693][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2472'.
[  723.118898][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2472'.
[  723.133113][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2472'.
[  723.145051][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2472'.
[  723.156200][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2472'.
[  723.280812][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  723.289778][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.298031][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.312709][ T5916] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  723.326172][ T5916] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input55
[  723.368062][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  723.474176][T16043] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2470'.
[  723.483123][T16043] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2470'.
[  723.546828][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  723.589743][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  723.590258][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.608373][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.631732][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.663338][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  723.718110][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  723.908452][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  724.225456][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  724.234606][   T30] audit: type=1326 audit(1771314100.868:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16044 comm="syz.4.2473" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f443bb9bf79 code=0x0
[  724.670568][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  724.736648][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  724.969806][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  725.032736][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  725.071703][ T5916] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  725.692676][ T5916] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  726.009559][ T5916] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  726.030097][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2478'.
[  726.065631][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2478'.
[  726.074703][T16062] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2478'.
[  726.083869][ T5916] usb 5-1: USB disconnect, device number 23
[  726.530469][T14849] net_ratelimit: 4 callbacks suppressed
[  726.530482][T14849] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  726.544666][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  726.553280][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  727.506836][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  727.520244][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  727.609608][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  728.593528][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  728.632024][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.050154][T16100] FAULT_INJECTION: forcing a failure.
[  729.050154][T16100] name failslab, interval 1, probability 0, space 0, times 0
[  729.093838][T16100] CPU: 1 UID: 0 PID: 16100 Comm: syz.1.2489 Not tainted syzkaller #0 PREEMPT(full) 
[  729.093863][T16100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  729.093873][T16100] Call Trace:
[  729.093880][T16100]  <TASK>
[  729.093886][T16100]  dump_stack_lvl+0x100/0x190
[  729.093919][T16100]  should_fail_ex.cold+0x5/0xa
[  729.093939][T16100]  ? fib_nl2rule.constprop.0+0x315/0x1c50
[  729.093962][T16100]  should_failslab+0xc2/0x120
[  729.093986][T16100]  __kmalloc_noprof+0xe0/0x850
[  729.094012][T16100]  fib_nl2rule.constprop.0+0x315/0x1c50
[  729.094033][T16100]  ? __pfx_fib_nl2rule.constprop.0+0x10/0x10
[  729.094055][T16100]  ? __nla_parse+0x40/0x60
[  729.094080][T16100]  fib_delrule+0x21d/0x1c40
[  729.094100][T16100]  ? find_held_lock+0x2b/0x80
[  729.094120][T16100]  ? __pfx_fib_delrule+0x10/0x10
[  729.094138][T16100]  ? avc_has_perm_noaudit+0xe0/0x3b0
[  729.094172][T16100]  ? find_held_lock+0x2b/0x80
[  729.094187][T16100]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  729.094205][T16100]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  729.094225][T16100]  ? __pfx_fib_nl_delrule+0x10/0x10
[  729.094244][T16100]  rtnetlink_rcv_msg+0x95e/0xe90
[  729.094264][T16100]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  729.094288][T16100]  ? ref_tracker_free+0x37e/0x6c0
[  729.094307][T16100]  netlink_rcv_skb+0x159/0x420
[  729.094328][T16100]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  729.094347][T16100]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  729.094374][T16100]  ? netlink_deliver_tap+0x1ae/0xcc0
[  729.094396][T16100]  netlink_unicast+0x5aa/0x870
[  729.094419][T16100]  ? __pfx_netlink_unicast+0x10/0x10
[  729.094445][T16100]  netlink_sendmsg+0x8b0/0xda0
[  729.094474][T16100]  ? __pfx_netlink_sendmsg+0x10/0x10
[  729.094492][T16100]  ? __might_fault+0xc0/0x140
[  729.094514][T16100]  ____sys_sendmsg+0xa54/0xc30
[  729.094538][T16100]  ? __pfx_____sys_sendmsg+0x10/0x10
[  729.094567][T16100]  ___sys_sendmsg+0x190/0x1e0
[  729.094582][T16100]  ? __pfx____sys_sendmsg+0x10/0x10
[  729.094618][T16100]  __sys_sendmsg+0x170/0x220
[  729.094637][T16100]  ? __pfx___sys_sendmsg+0x10/0x10
[  729.094666][T16100]  do_syscall_64+0x106/0xf80
[  729.094684][T16100]  ? clear_bhb_loop+0x40/0x90
[  729.094701][T16100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.094714][T16100] RIP: 0033:0x7fad7859bf79
[  729.094727][T16100] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  729.094740][T16100] RSP: 002b:00007fad79500028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  729.094754][T16100] RAX: ffffffffffffffda RBX: 00007fad78815fa0 RCX: 00007fad7859bf79
[  729.094763][T16100] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  729.094772][T16100] RBP: 00007fad79500090 R08: 0000000000000000 R09: 0000000000000000
[  729.094780][T16100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  729.094788][T16100] R13: 00007fad78816038 R14: 00007fad78815fa0 R15: 00007ffe84c76888
[  729.094807][T16100]  </TASK>
[  729.390543][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.399351][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.872463][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  730.137628][T16111] __nla_validate_parse: 7 callbacks suppressed
[  730.137647][T16111] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2492'.
[  730.311207][ T5129] Bluetooth: hci3: unexpected event for opcode 0x0c20
[  732.318538][ T5807] net_ratelimit: 4 callbacks suppressed
[  732.318555][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.338562][ T1159] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.346665][ T1159] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.365373][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.389721][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.562672][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  733.278694][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  733.414175][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  733.426719][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  733.551759][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  734.167134][   T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  734.366572][   T30] audit: type=1400 audit(1771314111.248:430): avc:  denied  { read write } for  pid=16162 comm="syz.1.2504" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  734.456357][   T30] audit: type=1400 audit(1771314111.248:431): avc:  denied  { open } for  pid=16162 comm="syz.1.2504" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  734.464211][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  735.523232][   T30] audit: type=1326 audit(1771314112.348:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16180 comm="syz.1.2508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad7859bf79 code=0x0
[  735.572462][ T1159] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  736.199751][ T5921] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  736.389759][ T5921] usb 1-1: Using ep0 maxpacket: 16
[  736.413975][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  736.457632][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  736.504706][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  736.549731][ T5921] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  736.594833][ T5921] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  736.653005][ T5921] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  736.691890][ T5921] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  736.729898][ T5921] usb 1-1: Manufacturer: syz
[  736.770536][ T5921] usb 1-1: config 0 descriptor??
[  737.171099][ T5921] rc_core: IR keymap rc-hauppauge not found
[  737.200400][ T5921] Registered IR keymap rc-empty
[  737.238712][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  737.289898][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  737.330796][ T5921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  737.374859][ T5921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input56
[  737.438897][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  737.502034][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  737.550027][   T13] net_ratelimit: 7 callbacks suppressed
[  737.550042][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  737.559968][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  737.564278][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  737.605306][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  737.639773][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  737.643617][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  737.655095][   T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  737.758364][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  737.980644][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  738.069813][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  738.081743][T16208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2515'.
[  738.091223][T16208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2515'.
[  738.100299][T16208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2515'.
[  738.109733][T16208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2515'.
[  738.118624][T16208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2515'.
[  738.169936][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  738.219863][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  738.279982][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  738.411993][ T5921] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  738.443160][ T5921] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  738.482981][   T30] audit: type=1400 audit(1771314115.358:433): avc:  denied  { write } for  pid=16215 comm="syz.1.2517" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  738.517377][ T5921] usb 1-1: USB disconnect, device number 34
[  738.586577][T16219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2516'.
[  738.596465][T16219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2516'.
[  738.670185][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  738.688150][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  738.696965][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  738.708550][T16221] netlink: 'syz.1.2517': attribute type 2 has an invalid length.
[  738.804217][T16221] ‚#{6c: entered promiscuous mode
[  738.992587][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  739.065755][T16232] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.552832][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  741.579709][  T976] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  741.740516][ T5921] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  741.759777][  T976] usb 5-1: Using ep0 maxpacket: 8
[  741.772572][  T976] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  741.797001][  T976] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  741.816509][T16255] mac80211_hwsim hwsim10 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  741.863775][  T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  741.891283][  T976] usb 5-1: config 0 descriptor??
[  741.949682][ T5921] usb 1-1: Using ep0 maxpacket: 16
[  741.957327][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  741.974262][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  742.004937][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  742.030223][ T5921] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  742.047163][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  742.050749][ T5921] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  742.124308][  T976] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  742.145570][ T5921] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  742.162586][ T5921] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  742.170860][ T5921] usb 1-1: Manufacturer: syz
[  742.211592][ T5921] usb 1-1: config 0 descriptor??
[  742.437430][  T976] usb 5-1: USB disconnect, device number 24
[  742.443492][    C0] iowarrior 5-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  742.629715][ T5921] rc_core: IR keymap rc-hauppauge not found
[  742.696281][ T5921] Registered IR keymap rc-empty
[  742.701613][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  742.729751][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  743.680525][  T976] net_ratelimit: 9 callbacks suppressed
[  743.680543][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  743.723576][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  743.739748][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  743.773297][T16271] trusted_key: encrypted_key: master key parameter 'ž¼' is invalid
[  743.830937][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.106837][  T976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.116229][ T5921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  744.134037][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.222173][ T5921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input57
[  744.299477][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.350057][T14849] wlan1: Trigger new scan to find an IBSS to join
[  744.356556][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.399719][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.440930][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.493113][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.563990][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.591305][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.755764][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.763911][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.772563][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  744.773356][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.919793][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  744.920013][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  744.971298][ T5921] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  745.973774][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  746.020813][ T5921] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  746.067895][ T5921] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  746.132618][ T5921] usb 1-1: USB disconnect, device number 35
[  747.105489][   T30] audit: type=1400 audit(1771314123.988:434): avc:  denied  { connect } for  pid=16305 comm="syz.4.2536" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  748.513714][   T49] wlan1: Trigger new scan to find an IBSS to join
[  748.562659][T16317] trusted_key: encrypted_key: master key parameter 'ž¼' is invalid
[  749.239967][    T9] net_ratelimit: 7 callbacks suppressed
[  749.239980][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.346903][ T5129] Bluetooth: hci4: Malformed Event: 0x2f
[  749.550711][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.867190][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.876381][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.886046][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.899929][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  750.285161][T16331] FAULT_INJECTION: forcing a failure.
[  750.285161][T16331] name failslab, interval 1, probability 0, space 0, times 0
[  750.318454][T16331] CPU: 0 UID: 0 PID: 16331 Comm: syz.1.2544 Not tainted syzkaller #0 PREEMPT(full) 
[  750.318475][T16331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  750.318482][T16331] Call Trace:
[  750.318486][T16331]  <TASK>
[  750.318490][T16331]  dump_stack_lvl+0x100/0x190
[  750.318511][T16331]  should_fail_ex.cold+0x5/0xa
[  750.318525][T16331]  ? tomoyo_realpath_from_path+0xb6/0x690
[  750.318538][T16331]  should_failslab+0xc2/0x120
[  750.318555][T16331]  __kmalloc_noprof+0xe0/0x850
[  750.318571][T16331]  tomoyo_realpath_from_path+0xb6/0x690
[  750.318585][T16331]  tomoyo_path_number_perm+0x23c/0x580
[  750.318601][T16331]  ? tomoyo_path_number_perm+0x22e/0x580
[  750.318617][T16331]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  750.318647][T16331]  ? find_held_lock+0x2b/0x80
[  750.318661][T16331]  ? __fget_files+0x215/0x3d0
[  750.318676][T16331]  ? hook_file_ioctl_common+0x146/0x410
[  750.318691][T16331]  ? __fget_files+0x21f/0x3d0
[  750.318710][T16331]  security_file_ioctl+0xd3/0x230
[  750.318728][T16331]  __x64_sys_ioctl+0xb7/0x210
[  750.318743][T16331]  do_syscall_64+0x106/0xf80
[  750.318758][T16331]  ? clear_bhb_loop+0x40/0x90
[  750.318771][T16331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.318783][T16331] RIP: 0033:0x7fad7859bc0b
[  750.318792][T16331] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  750.318803][T16331] RSP: 002b:00007fad794fff00 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  750.318815][T16331] RAX: ffffffffffffffda RBX: 00007fad78651500 RCX: 00007fad7859bc0b
[  750.318822][T16331] RDX: 00007fad794fffc0 RSI: 000000004020ae46 RDI: 0000000000000004
[  750.318829][T16331] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000200000c00000
[  750.318835][T16331] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000003fa000
[  750.318841][T16331] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  750.318855][T16331]  </TASK>
[  750.318860][T16331] ERROR: Out of memory at tomoyo_realpath_from_path.
[  750.573430][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  750.591718][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  750.936564][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  750.949415][ T1159] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  750.964726][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  750.979958][ T1040] wlan1: Creating new IBSS network, BSSID da:0a:8a:30:f2:09
[  751.001653][  T792] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  751.205069][  T792] usb 2-1: Using ep0 maxpacket: 8
[  751.235031][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  751.302807][  T792] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  751.363171][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.430205][  T792] usb 2-1: config 0 descriptor??
[  751.665153][T16347] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2549'.
[  751.852290][T16352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2551'.
[  751.861217][T16352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2551'.
[  752.129664][  T792] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  752.375691][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2552'.
[  752.418911][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2552'.
[  752.487980][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2552'.
[  752.490051][  T792] usb 2-1: USB disconnect, device number 38
[  752.537449][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2552'.
[  752.556850][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2552'.
[  752.597798][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  752.772946][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  753.008080][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  753.229843][  T976] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  753.956967][  T976] usb 1-1: Using ep0 maxpacket: 16
[  753.978670][  T976] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  754.019983][  T976] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  754.053588][  T976] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  754.140121][  T976] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  754.159845][  T976] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  754.199924][  T976] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  754.209219][  T976] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  754.219354][  T976] usb 1-1: Manufacturer: syz
[  754.250632][  T976] usb 1-1: config 0 descriptor??
[  754.749298][T16400] mac80211_hwsim hwsim13 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  754.909838][  T792] net_ratelimit: 13 callbacks suppressed
[  754.909855][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  754.999690][ T5921] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  755.025309][  T976] rc_core: IR keymap rc-hauppauge not found
[  755.045546][  T976] Registered IR keymap rc-empty
[  755.070256][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.079285][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.110393][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.131042][   T30] audit: type=1400 audit(1771314132.018:435): avc:  denied  { bind } for  pid=16404 comm="syz.4.2565" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  755.139773][  T976] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  755.199715][ T5921] usb 4-1: Using ep0 maxpacket: 32
[  755.209824][  T976] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input58
[  755.259557][ T5921] usb 4-1: unable to get BOS descriptor or descriptor too short
[  755.268463][ T5921] usb 4-1: config 16 has an invalid interface number: 175 but max is 0
[  755.280032][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.297165][ T5921] usb 4-1: config 16 has no interface number 0
[  755.314325][ T5921] usb 4-1: New USB device found, idVendor=05d1, idProduct=9007, bcdDevice=32.00
[  755.316525][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.324940][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.345699][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.375448][ T5921] usb 4-1: Product: syz
[  755.379789][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.458526][T16408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.466919][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.631666][ T1159] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.642104][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.651841][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  755.822985][ T5921] usb 4-1: Manufacturer: syz
[  755.827604][ T5921] usb 4-1: SerialNumber: syz
[  755.839696][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.859716][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.879697][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.899707][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.920314][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.949770][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  755.969722][  T976] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.042208][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  756.086112][ T5921] ftdi_sio 4-1:16.175: FTDI USB Serial Device converter detected
[  756.093508][   T30] audit: type=1400 audit(1771314132.978:436): avc:  denied  { connect } for  pid=16413 comm="syz.4.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  756.114092][ T5921] usb 4-1: Detected FT233HP
[  756.114477][ T5921] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  756.114780][ T5921] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  756.264709][  T976] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  756.509312][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  756.550243][  T976] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  756.568987][ T5921] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  756.594889][  T976] usb 1-1: USB disconnect, device number 36
[  756.606234][ T5921] usb 4-1: USB disconnect, device number 28
[  756.641223][T16423] FAULT_INJECTION: forcing a failure.
[  756.641223][T16423] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  756.654911][ T5921] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  756.669879][ T5921] ftdi_sio 4-1:16.175: device disconnected
[  756.676349][T16423] CPU: 0 UID: 0 PID: 16423 Comm: syz.4.2569 Not tainted syzkaller #0 PREEMPT(full) 
[  756.676364][T16423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  756.676371][T16423] Call Trace:
[  756.676375][T16423]  <TASK>
[  756.676379][T16423]  dump_stack_lvl+0x100/0x190
[  756.676400][T16423]  should_fail_ex.cold+0x5/0xa
[  756.676415][T16423]  _copy_to_user+0x32/0xd0
[  756.676436][T16423]  simple_read_from_buffer+0xcb/0x170
[  756.676453][T16423]  proc_fail_nth_read+0x1af/0x230
[  756.676467][T16423]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  756.676481][T16423]  ? rw_verify_area+0xce/0x6d0
[  756.676493][T16423]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  756.676506][T16423]  vfs_read+0x1e4/0xb30
[  756.676522][T16423]  ? __pfx_vfs_read+0x10/0x10
[  756.676535][T16423]  ? __fget_files+0x215/0x3d0
[  756.676554][T16423]  ? __fget_files+0x21f/0x3d0
[  756.676574][T16423]  ksys_read+0x12a/0x250
[  756.676588][T16423]  ? __pfx_ksys_read+0x10/0x10
[  756.676606][T16423]  do_syscall_64+0x106/0xf80
[  756.676621][T16423]  ? clear_bhb_loop+0x40/0x90
[  756.676634][T16423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.676645][T16423] RIP: 0033:0x7f443bb5c84e
[  756.676655][T16423] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  756.676665][T16423] RSP: 002b:00007f443cab3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  756.676676][T16423] RAX: ffffffffffffffda RBX: 00007f443cab46c0 RCX: 00007f443bb5c84e
[  756.676696][T16423] RDX: 000000000000000f RSI: 00007f443cab40a0 RDI: 0000000000000005
[  756.676702][T16423] RBP: 00007f443cab4090 R08: 0000000000000000 R09: 0000000000000000
[  756.676711][T16423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  756.676720][T16423] R13: 00007f443be16038 R14: 00007f443be15fa0 R15: 00007ffde3fe1248
[  756.676748][T16423]  </TASK>
[  757.537848][ T1040] wlan1: Trigger new scan to find an IBSS to join
[  757.570837][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  758.010071][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  758.253573][T16445] mac80211_hwsim hwsim6 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  759.513082][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2571'.
[  759.750229][T16460] /dev/nullb0: Can't open blockdev
[  760.489674][   T30] audit: type=1326 audit(1771314136.628:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  760.524171][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2571'.
[  760.534358][   T30] audit: type=1326 audit(1771314136.628:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  760.535611][ T6326] net_ratelimit: 7 callbacks suppressed
[  760.535621][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.619150][T16462] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.627432][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.679794][   T30] audit: type=1326 audit(1771314136.628:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  760.942035][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  761.050221][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2571'.
[  761.081976][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2571'.
[  761.127299][   T30] audit: type=1326 audit(1771314136.638:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  761.413155][T14849] wlan1: Trigger new scan to find an IBSS to join
[  761.420119][ T1040] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  761.428964][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  761.443746][T16466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2580'.
[  761.453107][T16466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2580'.
[  761.462147][T16466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2580'.
[  761.471144][T16466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2580'.
[  761.480097][T16466] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2580'.
[  761.491547][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  761.505333][T16457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2571'.
[  761.553994][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  761.569298][   T30] audit: type=1326 audit(1771314136.638:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  761.628894][   T30] audit: type=1326 audit(1771314136.648:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  761.687443][   T30] audit: type=1326 audit(1771314136.648:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  761.827378][   T30] audit: type=1326 audit(1771314136.648:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  761.866996][T16479] Cannot find add_set index 0 as target
[  761.874717][   T30] audit: type=1326 audit(1771314136.658:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  762.270426][   T13] wlan1: Trigger new scan to find an IBSS to join
[  762.276673][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  762.288179][   T30] audit: type=1326 audit(1771314136.658:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16452 comm="syz.5.2578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9742f9bf79 code=0x7ffc0000
[  762.294128][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  764.708430][T16512] binder: 16506:16512 ioctl c0306201 200000000640 returned -22
[  764.720890][T16514] FAULT_INJECTION: forcing a failure.
[  764.720890][T16514] name failslab, interval 1, probability 0, space 0, times 0
[  764.762698][T16514] CPU: 1 UID: 0 PID: 16514 Comm: syz.3.2593 Not tainted syzkaller #0 PREEMPT(full) 
[  764.762720][T16514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  764.762731][T16514] Call Trace:
[  764.762737][T16514]  <TASK>
[  764.762744][T16514]  dump_stack_lvl+0x100/0x190
[  764.762777][T16514]  should_fail_ex.cold+0x5/0xa
[  764.762800][T16514]  should_failslab+0xc2/0x120
[  764.762826][T16514]  __kmalloc_cache_noprof+0x7a/0x6f0
[  764.762844][T16514]  ? cfg80211_set_encryption+0x132b/0x2190
[  764.762872][T16514]  cfg80211_set_encryption+0x132b/0x2190
[  764.762902][T16514]  cfg80211_wext_siwencodeext+0x5a5/0xa30
[  764.762928][T16514]  ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10
[  764.762952][T16514]  ? __might_fault+0xc5/0x140
[  764.762972][T16514]  ? __might_fault+0xc5/0x140
[  764.763002][T16514]  ioctl_standard_iw_point+0x5b4/0xc90
[  764.763030][T16514]  ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10
[  764.763057][T16514]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[  764.763090][T16514]  ? dev_load+0x8e/0x240
[  764.763109][T16514]  ? full_name_hash+0xbc/0x100
[  764.763125][T16514]  ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10
[  764.763148][T16514]  ioctl_standard_call+0x167/0x1d0
[  764.763174][T16514]  ? __pfx_ioctl_standard_call+0x10/0x10
[  764.763198][T16514]  ? __pfx_cfg80211_wext_siwencodeext+0x10/0x10
[  764.763221][T16514]  wext_ioctl_dispatch.constprop.0+0x312/0x3e0
[  764.763251][T16514]  wext_handle_ioctl+0x105/0x1b0
[  764.763278][T16514]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  764.763309][T16514]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  764.763332][T16514]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  764.763369][T16514]  sock_ioctl+0x2d4/0x6b0
[  764.763389][T16514]  ? __pfx_sock_ioctl+0x10/0x10
[  764.763405][T16514]  ? hook_file_ioctl_common+0x146/0x410
[  764.763434][T16514]  ? selinux_file_ioctl+0x139/0x290
[  764.763450][T16514]  ? selinux_file_ioctl+0xb4/0x290
[  764.763469][T16514]  ? __pfx_sock_ioctl+0x10/0x10
[  764.763488][T16514]  __x64_sys_ioctl+0x18e/0x210
[  764.763512][T16514]  do_syscall_64+0x106/0xf80
[  764.763536][T16514]  ? clear_bhb_loop+0x40/0x90
[  764.763558][T16514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.763576][T16514] RIP: 0033:0x7fd79d79bf79
[  764.763591][T16514] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  764.763614][T16514] RSP: 002b:00007fd79e6a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  764.763632][T16514] RAX: ffffffffffffffda RBX: 00007fd79da15fa0 RCX: 00007fd79d79bf79
[  764.763644][T16514] RDX: 0000200000000000 RSI: 0000000000008b34 RDI: 0000000000000003
[  764.763655][T16514] RBP: 00007fd79e6a5090 R08: 0000000000000000 R09: 0000000000000000
[  764.763665][T16514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  764.763676][T16514] R13: 00007fd79da16038 R14: 00007fd79da15fa0 R15: 00007fff47ac62d8
[  764.763701][T16514]  </TASK>
[  765.310119][   T49] wlan1: Trigger new scan to find an IBSS to join
[  765.421869][   T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  765.527404][T16529] __nla_validate_parse: 5 callbacks suppressed
[  765.527436][T16529] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2595'.
[  766.709015][ T5807] net_ratelimit: 12 callbacks suppressed
[  766.709028][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.723120][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.742105][T16530] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  767.153975][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.163632][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.173066][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.303570][   T49] wlan1: Creating new IBSS network, BSSID 32:a0:de:ea:02:c4
[  767.308225][ T5887] usb 4-1: new low-speed USB device number 29 using dummy_hcd
[  767.629419][ T5887] usb 4-1: unable to get BOS descriptor or descriptor too short
[  767.648719][ T5887] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  767.686442][ T5887] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 32, setting to 0
[  767.699466][ T5887] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 19, changing to 4
[  767.712255][ T5887] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 479, setting to 0
[  767.723059][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.731387][ T5807] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  767.748389][ T5887] usb 4-1: config 1 interface 1 has no altsetting 0
[  767.822596][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.909876][ T5807] usb 1-1: Using ep0 maxpacket: 16
[  768.060385][ T5887] usb 4-1: string descriptor 0 read error: -22
[  768.153258][ T5887] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  768.153874][ T5807] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  768.179989][ T5807] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  768.244197][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  768.262415][ T5807] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  768.273061][ T5807] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  768.283034][ T5807] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  768.298473][ T5807] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  768.306324][T16536] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  768.308925][ T5807] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  768.341820][T16557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2604'.
[  768.351315][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  768.367471][T16557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2604'.
[  768.378987][T16557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2604'.
[  768.390203][ T5887] usb 4-1: low speed audio streaming not supported
[  768.429957][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  768.466672][ T5807] usb 1-1: Manufacturer: syz
[  768.466861][T16557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2604'.
[  768.488159][T16557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2604'.
[  768.496994][ T5807] usb 1-1: config 0 descriptor??
[  768.857102][  T792] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  768.992539][T16566] FAULT_INJECTION: forcing a failure.
[  768.992539][T16566] name failslab, interval 1, probability 0, space 0, times 0
[  769.013104][ T5807] rc_core: IR keymap rc-hauppauge not found
[  769.020548][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  769.048781][ T5807] Registered IR keymap rc-empty
[  769.064282][T16566] CPU: 1 UID: 0 PID: 16566 Comm: syz.1.2606 Not tainted syzkaller #0 PREEMPT(full) 
[  769.064305][T16566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  769.064313][T16566] Call Trace:
[  769.064317][T16566]  <TASK>
[  769.064322][T16566]  dump_stack_lvl+0x100/0x190
[  769.064342][T16566]  should_fail_ex.cold+0x5/0xa
[  769.064357][T16566]  should_failslab+0xc2/0x120
[  769.064373][T16566]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  769.064387][T16566]  ? skb_clone+0x190/0x400
[  769.064403][T16566]  skb_clone+0x190/0x400
[  769.064418][T16566]  netlink_deliver_tap+0xaed/0xcc0
[  769.064437][T16566]  netlink_unicast+0x650/0x870
[  769.064454][T16566]  ? __pfx_netlink_unicast+0x10/0x10
[  769.064475][T16566]  netlink_sendmsg+0x8b0/0xda0
[  769.064497][T16566]  ? __pfx_netlink_sendmsg+0x10/0x10
[  769.064514][T16566]  ? __might_fault+0xc0/0x140
[  769.064532][T16566]  ____sys_sendmsg+0xa54/0xc30
[  769.064551][T16566]  ? __pfx_____sys_sendmsg+0x10/0x10
[  769.064574][T16566]  ___sys_sendmsg+0x190/0x1e0
[  769.064586][T16566]  ? __pfx____sys_sendmsg+0x10/0x10
[  769.064613][T16566]  __sys_sendmsg+0x170/0x220
[  769.064628][T16566]  ? __pfx___sys_sendmsg+0x10/0x10
[  769.064651][T16566]  do_syscall_64+0x106/0xf80
[  769.064666][T16566]  ? clear_bhb_loop+0x40/0x90
[  769.064679][T16566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.064690][T16566] RIP: 0033:0x7fad7859bf79
[  769.064700][T16566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  769.064710][T16566] RSP: 002b:00007fad79500028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  769.064721][T16566] RAX: ffffffffffffffda RBX: 00007fad78815fa0 RCX: 00007fad7859bf79
[  769.064728][T16566] RDX: 00000000040c0080 RSI: 00002000000002c0 RDI: 0000000000000003
[  769.064734][T16566] RBP: 00007fad79500090 R08: 0000000000000000 R09: 0000000000000000
[  769.064740][T16566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  769.064747][T16566] R13: 00007fad78816038 R14: 00007fad78815fa0 R15: 00007ffe84c76888
[  769.064765][T16566]  </TASK>
[  769.273633][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  769.305549][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  769.319692][   T13] wlan1: Trigger new scan to find an IBSS to join
[  769.330190][ T5807] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  769.342568][ T5807] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input59
[  769.357697][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  769.384503][    C1] rc rc0: IR event FIFO is full!
[  769.389441][    C1] rc rc0: IR event FIFO is full!
[  769.394353][    C1] rc rc0: IR event FIFO is full!
[  769.399255][    C1] rc rc0: IR event FIFO is full!
[  769.404156][    C1] rc rc0: IR event FIFO is full!
[  769.409058][    C1] rc rc0: IR event FIFO is full!
[  769.413961][    C1] rc rc0: IR event FIFO is full!
[  769.418864][    C1] rc rc0: IR event FIFO is full!
[  769.423786][    C1] rc rc0: IR event FIFO is full!
[  769.428686][    C1] rc rc0: IR event FIFO is full!
[  769.433587][    C1] rc rc0: IR event FIFO is full!
[  769.438489][    C1] rc rc0: IR event FIFO is full!
[  769.443393][    C1] rc rc0: IR event FIFO is full!
[  769.449446][    C1] rc rc0: IR event FIFO is full!
[  769.454389][    C1] rc rc0: IR event FIFO is full!
[  769.459300][    C1] rc rc0: IR event FIFO is full!
[  769.464210][    C1] rc rc0: IR event FIFO is full!
[  769.469122][    C1] rc rc0: IR event FIFO is full!
[  769.474032][    C1] rc rc0: IR event FIFO is full!
[  769.479581][    C1] rc rc0: IR event FIFO is full!
[  769.484513][    C1] rc rc0: IR event FIFO is full!
[  769.489899][    C1] rc rc0: IR event FIFO is full!
[  769.494822][    C1] rc rc0: IR event FIFO is full!
[  769.499726][    C1] rc rc0: IR event FIFO is full!
[  769.504628][    C1] rc rc0: IR event FIFO is full!
[  769.509531][    C1] rc rc0: IR event FIFO is full!
[  769.514433][    C1] rc rc0: IR event FIFO is full!
[  769.519346][    C1] rc rc0: IR event FIFO is full!
[  769.524250][    C1] rc rc0: IR event FIFO is full!
[  769.529719][    C1] rc rc0: IR event FIFO is full!
[  769.534658][    C1] rc rc0: IR event FIFO is full!
[  769.539571][    C1] rc rc0: IR event FIFO is full!
[  769.544478][    C1] rc rc0: IR event FIFO is full!
[  769.550045][    C1] rc rc0: IR event FIFO is full!
[  769.554974][    C1] rc rc0: IR event FIFO is full!
[  769.559880][    C1] rc rc0: IR event FIFO is full!
[  769.564783][    C1] rc rc0: IR event FIFO is full!
[  769.569685][    C1] rc rc0: IR event FIFO is full!
[  769.574762][    C1] rc rc0: IR event FIFO is full!
[  769.579675][    C1] rc rc0: IR event FIFO is full!
[  769.584591][    C1] rc rc0: IR event FIFO is full!
[  769.589492][    C1] rc rc0: IR event FIFO is full!
[  769.594410][    C1] rc rc0: IR event FIFO is full!
[  769.599866][    C1] rc rc0: IR event FIFO is full!
[  769.604948][    C1] rc rc0: IR event FIFO is full!
[  769.609868][    C1] rc rc0: IR event FIFO is full!
[  769.614773][    C1] rc rc0: IR event FIFO is full!
[  769.619681][    C1] rc rc0: IR event FIFO is full!
[  769.624601][    C1] rc rc0: IR event FIFO is full!
[  769.629506][    C1] rc rc0: IR event FIFO is full!
[  769.634409][    C1] rc rc0: IR event FIFO is full!
[  769.639928][    C1] rc rc0: IR event FIFO is full!
[  769.644841][    C1] rc rc0: IR event FIFO is full!
[  769.649744][    C1] rc rc0: IR event FIFO is full!
[  769.655235][    C1] rc rc0: IR event FIFO is full!
[  769.668991][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  769.689725][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  769.713312][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  769.746581][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  770.132676][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  770.174485][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  770.195547][ T5921] usb 4-1: USB disconnect, device number 29
[  770.217641][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  770.260739][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  770.399776][ T5807] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  770.442172][ T5807] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  770.575953][T16583] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2609'.
[  770.863502][ T5807] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  770.941733][ T5807] usb 1-1: USB disconnect, device number 37
[  771.093897][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  771.242810][T16598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2614'.
[  771.595585][T16617] FAULT_INJECTION: forcing a failure.
[  771.595585][T16617] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  771.608863][T16617] CPU: 1 UID: 0 PID: 16617 Comm: syz.3.2618 Not tainted syzkaller #0 PREEMPT(full) 
[  771.608886][T16617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  771.608897][T16617] Call Trace:
[  771.608904][T16617]  <TASK>
[  771.608911][T16617]  dump_stack_lvl+0x100/0x190
[  771.608944][T16617]  should_fail_ex.cold+0x5/0xa
[  771.608963][T16617]  ? prepare_alloc_pages+0x16d/0x5f0
[  771.608993][T16617]  should_fail_alloc_page+0xeb/0x140
[  771.609021][T16617]  prepare_alloc_pages+0x1f0/0x5f0
[  771.609052][T16617]  __alloc_frozen_pages_noprof+0x19a/0x2ba0
[  771.609079][T16617]  ? __lock_acquire+0x4a5/0x2630
[  771.609107][T16617]  ? __pfx_css_rstat_updated+0x10/0x10
[  771.609135][T16617]  ? kvm_sched_clock_read+0x11/0x20
[  771.609158][T16617]  ? sched_clock+0x38/0x60
[  771.609185][T16617]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  771.609207][T16617]  ? lock_acquire+0x1cf/0x380
[  771.609233][T16617]  ? find_held_lock+0x2b/0x80
[  771.609258][T16617]  ? mark_held_locks+0x40/0x70
[  771.609287][T16617]  ? finish_task_switch.isra.0+0x205/0xb80
[  771.609317][T16617]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  771.609342][T16617]  ? policy_nodemask+0xed/0x4f0
[  771.609369][T16617]  alloc_pages_mpol+0x1fb/0x550
[  771.609396][T16617]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  771.609435][T16617]  folio_alloc_mpol_noprof+0x36/0x340
[  771.609464][T16617]  vma_alloc_folio_noprof+0xed/0x1d0
[  771.609493][T16617]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  771.609529][T16617]  do_anonymous_page+0xb3a/0x1fb0
[  771.609558][T16617]  __handle_mm_fault+0x1d42/0x2b60
[  771.609585][T16617]  ? __pfx___handle_mm_fault+0x10/0x10
[  771.609610][T16617]  ? pte_offset_map_lock+0x174/0x320
[  771.609634][T16617]  ? find_held_lock+0x2b/0x80
[  771.609663][T16617]  ? follow_page_pte+0x5b3/0x1400
[  771.609695][T16617]  handle_mm_fault+0x36d/0xa20
[  771.609720][T16617]  __get_user_pages+0xf9c/0x34d0
[  771.609756][T16617]  ? __pfx___get_user_pages+0x10/0x10
[  771.609790][T16617]  faultin_page_range+0x1f1/0x9e0
[  771.609824][T16617]  madvise_do_behavior+0x354/0x510
[  771.609855][T16617]  ? __pfx_madvise_do_behavior+0x10/0x10
[  771.609890][T16617]  ? vfs_write+0x464/0x1070
[  771.609919][T16617]  do_madvise+0x195/0x240
[  771.609945][T16617]  ? __pfx_do_madvise+0x10/0x10
[  771.609971][T16617]  ? __mutex_unlock_slowpath+0x15c/0x790
[  771.610015][T16617]  ? ksys_write+0x1ac/0x250
[  771.610038][T16617]  ? __pfx_ksys_write+0x10/0x10
[  771.610067][T16617]  __x64_sys_madvise+0xa9/0x110
[  771.610094][T16617]  ? lockdep_hardirqs_on+0x78/0x100
[  771.610118][T16617]  do_syscall_64+0x106/0xf80
[  771.610141][T16617]  ? clear_bhb_loop+0x40/0x90
[  771.610163][T16617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.610182][T16617] RIP: 0033:0x7fd79d79bf79
[  771.610198][T16617] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  771.610215][T16617] RSP: 002b:00007fd79e663028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  771.610232][T16617] RAX: ffffffffffffffda RBX: 00007fd79da16180 RCX: 00007fd79d79bf79
[  771.610244][T16617] RDX: 0000000000000017 RSI: 0000000000c00000 RDI: 0000200000000000
[  771.610255][T16617] RBP: 00007fd79e663090 R08: 0000000000000000 R09: 0000000000000000
[  771.610266][T16617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  771.610276][T16617] R13: 00007fd79da16218 R14: 00007fd79da16180 R15: 00007fff47ac62d8
[  771.610301][T16617]  </TASK>
[  771.973810][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  771.973835][   T30] audit: type=1400 audit(1771314148.448:466): avc:  denied  { ioctl } for  pid=16610 comm="syz.3.2618" path="socket:[101542]" dev="sockfs" ino=101542 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  772.400707][ T5921] net_ratelimit: 7 callbacks suppressed
[  772.400724][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  772.414358][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  772.414454][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  773.009035][ T7868] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  773.019473][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  773.028020][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  773.321393][T14849] wlan1: Trigger new scan to find an IBSS to join
[  773.470390][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  773.478760][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  773.916490][T16647] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2627'.
[  774.171429][T16658] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  774.317977][ T7868] wlan1: Creating new IBSS network, BSSID fa:38:9a:c1:c0:b0
[  774.377119][T16660] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  774.511255][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  774.519357][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  774.847505][T16660] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  774.965426][T16661] mac80211_hwsim hwsim10 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  774.974654][   T13] wlan1: Selected IBSS BSSID da:0a:8a:30:f2:09 based on configured SSID
[  776.058235][T16660] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  776.281471][T16660] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  776.553472][ T5129] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260
[  776.758720][   T13] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  776.841056][   T13] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  776.881450][   T13] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  776.910900][   T13] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  776.983200][T16694] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2640'.
[  777.947392][ T5921] net_ratelimit: 4 callbacks suppressed
[  777.947411][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  778.003824][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  778.012130][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  778.030065][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  778.075237][T16700] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2641'.
[  778.111415][T16694] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2640'.
[  778.129963][T16694] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2640'.
[  778.165539][T16694] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2640'.
[  778.411565][T16694] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2640'.
[  778.503476][T16707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  778.670853][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  778.679715][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  778.688419][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.073743][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.082840][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.132396][   T30] audit: type=1400 audit(1771314156.018:467): avc:  denied  { ioctl } for  pid=16715 comm="syz.0.2642" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 ioctlcmd=0x9404 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  779.179189][   T30] audit: type=1400 audit(1771314156.058:468): avc:  denied  { read } for  pid=16719 comm="syz.4.2648" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  779.203891][   T30] audit: type=1400 audit(1771314156.058:469): avc:  denied  { open } for  pid=16719 comm="syz.4.2648" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  779.229415][   T30] audit: type=1400 audit(1771314156.108:470): avc:  denied  { ioctl } for  pid=16719 comm="syz.4.2648" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  779.256672][   T30] audit: type=1400 audit(1771314156.138:471): avc:  denied  { getopt } for  pid=16719 comm="syz.4.2648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  779.277031][ T6326] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  779.309833][ T5807] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  779.452302][ T6326] usb 2-1: Using ep0 maxpacket: 8
[  779.469739][ T5807] usb 6-1: Using ep0 maxpacket: 8
[  779.474916][ T6326] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  779.483381][ T6326] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  779.493911][ T6326] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  779.504490][ T6326] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  779.514579][ T5807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  779.525759][ T5807] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  779.535001][ T6326] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  779.548287][ T5807] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.560687][ T5807] usb 6-1: config 0 descriptor??
[  779.565871][ T6326] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  779.575591][ T6326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.781096][ T5807] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  779.806917][ T6326] usb 2-1: GET_CAPABILITIES returned 0
[  779.812913][ T6326] usbtmc 2-1:16.0: can't read capabilities
[  779.999675][ T5887] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  780.355482][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  780.390779][ T5921] usb 2-1: USB disconnect, device number 39
[  780.408103][ T6326] usb 6-1: USB disconnect, device number 39
[  780.414053][    C1] iowarrior 6-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  780.673648][ T5887] usb 1-1: Using ep0 maxpacket: 8
[  780.691054][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  780.768373][ T5887] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  780.783677][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.795058][ T5887] usb 1-1: config 0 descriptor??
[  780.850375][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  780.930933][T16743] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2654'.
[  781.033109][ T5887] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  781.242718][T16755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2657'.
[  781.283752][T16755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2657'.
[  781.316718][T16755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2657'.
[  781.614656][ T5887] usb 1-1: USB disconnect, device number 38
[  781.620592][    C0] iowarrior 1-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  782.099715][   T24] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  782.260380][   T24] usb 6-1: Using ep0 maxpacket: 8
[  782.267508][   T24] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  782.276988][   T24] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  782.287699][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  782.299229][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  782.309975][   T24] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  782.327607][   T24] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  782.338289][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.558147][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  782.635504][   T24] usb 6-1: GET_CAPABILITIES returned 0
[  782.648220][   T24] usbtmc 6-1:16.0: can't read capabilities
[  782.700961][ T5129] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260
[  782.912330][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.928593][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.937638][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.946673][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.955695][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.964715][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.973736][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.982760][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  782.991784][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.000806][    C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.097628][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.106689][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.115706][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.124722][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.133733][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.143310][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  783.418860][   T24] usb 6-1: USB disconnect, device number 40
[  783.549709][ T6326] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  783.704016][T16804] __nla_validate_parse: 2 callbacks suppressed
[  783.704042][T16804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2671'.
[  783.725178][ T6326] usb 4-1: Using ep0 maxpacket: 8
[  783.740240][T16804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2671'.
[  783.740466][T16804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2671'.
[  783.772050][T16804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2671'.
[  783.782088][T16804] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2671'.
[  783.864454][ T5807] net_ratelimit: 8 callbacks suppressed
[  783.864471][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  783.879781][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  783.889223][ T6326] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  783.898427][ T6326] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  783.908379][ T6326] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  784.210258][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  784.247090][ T6326] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  784.315832][ T6326] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  784.375472][ T6326] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  784.428810][ T6326] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.749951][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  784.783897][ T6326] usb 4-1: GET_CAPABILITIES returned 0
[  784.792796][ T6326] usbtmc 4-1:16.0: can't read capabilities
[  784.920054][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  784.931340][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  785.100297][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.109355][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.118379][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.127420][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.136442][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.145463][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.154509][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.163573][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.172634][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.181704][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.270098][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.279201][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.288257][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.297302][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.306338][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  785.315379][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  786.165439][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  786.173852][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  786.308685][ T5916] usb 4-1: USB disconnect, device number 30
[  786.864526][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2682'.
[  786.899818][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2682'.
[  786.910694][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2682'.
[  786.921470][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2682'.
[  786.931410][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2682'.
[  787.170215][ T5129] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  787.230251][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  787.245528][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  789.313738][ T6326] net_ratelimit: 9 callbacks suppressed
[  789.313759][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  789.319065][T16861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  789.335656][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  789.343737][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  789.349083][T16867] trusted_key: encrypted_key: master key parameter 'ž¼' is invalid
[  790.053380][T16861] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  790.275365][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  790.353759][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  790.370051][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  790.873106][T16886] __nla_validate_parse: 2 callbacks suppressed
[  790.873138][T16886] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2693'.
[  790.904004][ T5916] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  791.189680][ T6326] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  791.379776][ T6326] usb 1-1: Using ep0 maxpacket: 8
[  791.790676][ T6326] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  791.830310][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  791.881535][ T6326] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  792.752673][ T6326] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  792.822119][ T6326] usb 1-1: config 0 descriptor??
[  793.064098][ T6326] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  793.355460][T16907] netlink: 'syz.5.2701': attribute type 58 has an invalid length.
[  793.412033][ T5916] usb 1-1: USB disconnect, device number 39
[  793.412042][    C1] iowarrior 1-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  793.754951][T16908] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  793.759886][ T1159] wlan1: Selected IBSS BSSID fa:38:9a:c1:c0:b0 based on configured SSID
[  795.015712][T16934] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20003
[  795.234680][ T5807] net_ratelimit: 8 callbacks suppressed
[  795.234697][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  795.248878][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  795.560829][ T5807] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  795.750965][ T5807] usb 4-1: Using ep0 maxpacket: 32
[  795.765146][ T5807] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  795.776356][T16948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2710'.
[  795.816792][T16948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2710'.
[  795.825870][T16948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2710'.
[  795.835449][T16948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2710'.
[  795.844371][T16948] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2710'.
[  795.869087][ T5807] usb 4-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[  795.881967][ T5807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  795.919734][ T5807] usb 4-1: Product: syz
[  795.934057][ T5807] usb 4-1: Manufacturer: syz
[  795.944150][ T5807] usb 4-1: SerialNumber: syz
[  795.971257][ T5807] usb 4-1: config 0 descriptor??
[  796.339622][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  796.349687][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  796.350147][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  796.477217][T16941] 
[  796.479538][T16941] ======================================================
[  796.486519][T16941] WARNING: possible circular locking dependency detected
[  796.493500][T16941] syzkaller #0 Not tainted
[  796.497881][T16941] ------------------------------------------------------
[  796.504861][T16941] syz.3.2709/16941 is trying to acquire lock:
[  796.510890][T16941] ffff88805ac22c68 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x69/0x80
[  796.519121][T16941] 
[  796.519121][T16941] but task is already holding lock:
[  796.526462][T16941] ffff8880352a0420 (sb_writers#6){.+.+}-{0:0}, at: __do_splice+0x33b/0x370
[  796.535101][T16941] 
[  796.535101][T16941] which lock already depends on the new lock.
[  796.535101][T16941] 
[  796.545486][T16941] 
[  796.545486][T16941] the existing dependency chain (in reverse order) is:
[  796.554475][T16941] 
[  796.554475][T16941] -> #3 (sb_writers#6){.+.+}-{0:0}:
[  796.561838][T16941]        mnt_want_write+0x6f/0x450
[  796.566929][T16941]        ovl_create_object+0x12b/0x3b0
[  796.572373][T16941]        lookup_open.isra.0+0xc47/0x11b0
[  796.577983][T16941]        path_openat+0x2291/0x31a0
[  796.583076][T16941]        do_file_open+0x20e/0x430
[  796.588084][T16941]        do_sys_openat2+0x10d/0x1e0
[  796.593257][T16941]        __x64_sys_openat+0x12d/0x210
[  796.598605][T16941]        do_syscall_64+0x106/0xf80
[  796.603697][T16941]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.610087][T16941] 
[  796.610087][T16941] -> #2 (&ovl_i_mutex_dir_key[depth]#2){++++}-{4:4}:
[  796.618925][T16941]        down_read+0x99/0x460
[  796.623587][T16941]        lookup_slow+0x42/0x70
[  796.628330][T16941]        path_lookupat+0x5e8/0xc40
[  796.633420][T16941]        filename_lookup+0x202/0x590
[  796.638686][T16941]        kern_path+0x37/0x50
[  796.643255][T16941]        lookup_bdev+0xd8/0x280
[  796.648082][T16941]        resume_store+0x1d6/0x460
[  796.653083][T16941]        kobj_attr_store+0x58/0x80
[  796.658181][T16941]        sysfs_kf_write+0xf2/0x150
[  796.663278][T16941]        kernfs_fop_write_iter+0x3e0/0x5f0
[  796.669062][T16941]        vfs_write+0x6ac/0x1070
[  796.673894][T16941]        ksys_write+0x12a/0x250
[  796.678722][T16941]        do_syscall_64+0x106/0xf80
[  796.683817][T16941]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.690209][T16941] 
[  796.690209][T16941] -> #1 (&of->mutex){+.+.}-{4:4}:
[  796.697394][T16941]        __mutex_lock+0x1a2/0x1b90
[  796.702486][T16941]        kernfs_fop_write_iter+0x2c2/0x5f0
[  796.708268][T16941]        iter_file_splice_write+0x82b/0x10a0
[  796.714228][T16941]        do_splice+0x109c/0x1fd0
[  796.719148][T16941]        __do_splice+0x33b/0x370
[  796.724068][T16941]        __x64_sys_splice+0x187/0x250
[  796.729413][T16941]        do_syscall_64+0x106/0xf80
[  796.734505][T16941]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.740895][T16941] 
[  796.740895][T16941] -> #0 (&pipe->mutex){+.+.}-{4:4}:
[  796.748249][T16941]        __lock_acquire+0x14b8/0x2630
[  796.753603][T16941]        lock_acquire+0x1cf/0x380
[  796.758608][T16941]        __mutex_lock+0x1a2/0x1b90
[  796.763699][T16941]        pipe_lock+0x69/0x80
[  796.768269][T16941]        iter_file_splice_write+0x1f8/0x10a0
[  796.774231][T16941]        do_splice+0x109c/0x1fd0
[  796.779149][T16941]        __do_splice+0x33b/0x370
[  796.784071][T16941]        __x64_sys_splice+0x187/0x250
[  796.789416][T16941]        do_syscall_64+0x106/0xf80
[  796.794505][T16941]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.800895][T16941] 
[  796.800895][T16941] other info that might help us debug this:
[  796.800895][T16941] 
[  796.811093][T16941] Chain exists of:
[  796.811093][T16941]   &pipe->mutex --> &ovl_i_mutex_dir_key[depth]#2 --> sb_writers#6
[  796.811093][T16941] 
[  796.824800][T16941]  Possible unsafe locking scenario:
[  796.824800][T16941] 
[  796.832221][T16941]        CPU0                    CPU1
[  796.837559][T16941]        ----                    ----
[  796.842894][T16941]   rlock(sb_writers#6);
[  796.847116][T16941]                                lock(&ovl_i_mutex_dir_key[depth]#2);
[  796.855242][T16941]                                lock(sb_writers#6);
[  796.861896][T16941]   lock(&pipe->mutex);
[  796.866026][T16941] 
[  796.866026][T16941]  *** DEADLOCK ***
[  796.866026][T16941] 
[  796.874139][T16941] 1 lock held by syz.3.2709/16941:
[  796.879219][T16941]  #0: ffff8880352a0420 (sb_writers#6){.+.+}-{0:0}, at: __do_splice+0x33b/0x370
[  796.888254][T16941] 
[  796.888254][T16941] stack backtrace:
[  796.894115][T16941] CPU: 1 UID: 0 PID: 16941 Comm: syz.3.2709 Not tainted syzkaller #0 PREEMPT(full) 
[  796.894133][T16941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  796.894142][T16941] Call Trace:
[  796.894147][T16941]  <TASK>
[  796.894152][T16941]  dump_stack_lvl+0x100/0x190
[  796.894175][T16941]  print_circular_bug.cold+0x178/0x1c7
[  796.894201][T16941]  check_noncircular+0x146/0x160
[  796.894223][T16941]  __lock_acquire+0x14b8/0x2630
[  796.894245][T16941]  ? __kasan_kmalloc+0xaa/0xb0
[  796.894261][T16941]  ? __kmalloc_noprof+0x301/0x850
[  796.894279][T16941]  lock_acquire+0x1cf/0x380
[  796.894299][T16941]  ? pipe_lock+0x69/0x80
[  796.894318][T16941]  ? __pfx___might_resched+0x10/0x10
[  796.894334][T16941]  __mutex_lock+0x1a2/0x1b90
[  796.894354][T16941]  ? pipe_lock+0x69/0x80
[  796.894373][T16941]  ? pipe_lock+0x69/0x80
[  796.894392][T16941]  ? __pfx___mutex_lock+0x10/0x10
[  796.894413][T16941]  ? trace_kmalloc+0x101/0x130
[  796.894432][T16941]  ? __kasan_kmalloc+0xaa/0xb0
[  796.894450][T16941]  ? pipe_lock+0x69/0x80
[  796.894467][T16941]  pipe_lock+0x69/0x80
[  796.894485][T16941]  iter_file_splice_write+0x1f8/0x10a0
[  796.894507][T16941]  ? futex_unqueue+0x13d/0x2c0
[  796.894529][T16941]  ? __pfx___futex_wait+0x10/0x10
[  796.894545][T16941]  ? __pfx_iter_file_splice_write+0x10/0x10
[  796.894566][T16941]  ? __lock_acquire+0x4a5/0x2630
[  796.894586][T16941]  ? futex_hash+0x2c5/0x380
[  796.894608][T16941]  ? __pfx_iter_file_splice_write+0x10/0x10
[  796.894630][T16941]  do_splice+0x109c/0x1fd0
[  796.894651][T16941]  ? __lock_acquire+0x4a5/0x2630
[  796.894673][T16941]  ? __pfx_do_splice+0x10/0x10
[  796.894692][T16941]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  796.894712][T16941]  ? find_held_lock+0x2b/0x80
[  796.894729][T16941]  __do_splice+0x33b/0x370
[  796.894750][T16941]  ? __pfx___do_splice+0x10/0x10
[  796.894773][T16941]  __x64_sys_splice+0x187/0x250
[  796.894786][T16941]  do_syscall_64+0x106/0xf80
[  796.894804][T16941]  ? clear_bhb_loop+0x40/0x90
[  796.894819][T16941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  796.894833][T16941] RIP: 0033:0x7fd79d79bf79
[  796.894845][T16941] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  796.894859][T16941] RSP: 002b:00007fd79e6a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  796.894873][T16941] RAX: ffffffffffffffda RBX: 00007fd79da15fa0 RCX: 00007fd79d79bf79
[  796.894883][T16941] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000008
[  796.894891][T16941] RBP: 00007fd79d8327e0 R08: 0000000000001000 R09: 0800000000000000
[  796.894901][T16941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  796.894909][T16941] R13: 00007fd79da16038 R14: 00007fd79da15fa0 R15: 00007fff47ac62d8
[  796.894923][T16941]  </TASK>
[  797.427671][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  797.428423][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  797.511084][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  797.519401][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  797.519490][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  798.430690][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  799.133428][T15661] usb 4-1: USB disconnect, device number 31
[  800.510705][T15661] net_ratelimit: 4 callbacks suppressed
[  800.510718][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  800.590739][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  800.669893][T15661] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  801.069759][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  801.549877][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  801.719705][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  802.430028][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  802.590008][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  802.750025][ T6326] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  802.990600][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  803.630631][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  805.050449][ T7868] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  805.709973][ T5807] net_ratelimit: 5 callbacks suppressed
[  805.709990][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  805.870965][ T5807] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog